72 matches found
WordPress Share This Image plugin <= 2.07 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Share This Image versions <= 2.07...
EUVD-2004-2619
Malware in sbrugna...
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms
OpenSSL contains an issue in the POLY1305 MAC (message authentication code) implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions PowerISA 2.07. The impact of the corrupted...
PT-2024-14307
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-411BRPplus version 2.07 eu Description: A command injection issue exists in TRENDnet TEW-411BRPplus version 2.07 eu that allows a local attacker to execute arbitrary code. This is achieved by manipulating the data1 parameter within...
FreeBSD : OpenSSL -- Vector register corruption on PowerPC (8337251b-b07b-11ee-b0d7-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8337251b-b07b-11ee-b0d7-84a93843eb75 advisory. - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might...
Design/Logic Flaw
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection
Software: Login Lockdown; Type: Plugin; Vulnerable versions: <= 2.06; Fixed in: 2.07; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50837; Patch priority: Low; CVSS severity: Low 7.6; Developer: WebFactory Ltd.; PSID: 9ecc390faf23; Credits: LVT-tholv2k; Required privilege: Administrator; Publish...
OESA-2022-1564 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
ALPINE-CVE-2021-34432
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0...
D-Link DIR-815 Information Disclosure Vulnerability (CNVD-2018-15272)
D-Link DIR-815 is a wireless router product from AUO D-Link. A security vulnerability exists in the D-Link DIR-815 using firmware prior to version 2.07.B01, which stems from a program storing wireless keys in plaintext form. A remote attacker could exploit the vulnerability to obtain sensitive...
D-Link DIR-815 Information Disclosure Vulnerability
D-Link DIR-815 is a wireless router product from AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-815 with firmware prior to version 2.07.B01, which originates from the program storing the administrative password in plaintext. A remote attacker could exploit this...
D-Link DIR-815 Access Restriction Bypass Vulnerability
D-Link DIR-815 is a wireless router product from AUO D-Link. A security vulnerability exists in the remote management user interface in the D-Link DIR-815 using firmware versions prior to 2.07.B01. A remote attacker could exploit this vulnerability to bypass access restrictions...
D-Link DIR-815 Cross-Site Request Forgery Vulnerability
D-Link DIR-815 is a wireless router product from AUO D-Link. A cross-site request forgery vulnerability exists in the D-Link DIR-815 with firmware prior to version 2.07.B01, which stems from the program failing to properly validate user-submitted input. A remote attacker could exploit this...
CVE-2018-10107
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...
Design/Logic Flaw
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...
Design/Logic Flaw
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the Treturn parameter to /htdocs/webinc/js/bscsmsinbox.php...
D-Link DIR-815 Cross-Site Scripting Vulnerability (CNVD-2018-08947)
D-Link DIR-815 REV.B is a wireless router product from AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-815 REV. B using firmware DIR-815REVBFIRMWAREPATCH2.07.B01 and prior versions. A remote attacker can exploit this vulnerability by sending the 'RESULT' parameter to the...
PT-2018-9684 · D Link · D-Link Dir-815
Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01 Description: The issue concerns a problem with the Treturn parameter in the /htdocs/webinc/js/bsc sms inbox.php API endpoint, which can be exploited. Recommendations:...
PT-2018-4006 · D Link · D-Link Dir-815
Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01 Description: The issue exists due to inadequate protection of the web page structure in the /htdocs/webinc/js/info.php component of the D-Link DIR-815 REV. B router's...