51 matches found
Exploit for CVE-2021-33393
IPFire2.25RCEAuthenticated This exploit is based on CVE-202...
EUVD-2025-27069
Malicious code in bioql PyPI...
CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
WordPress Relevanssi Premium Plugin < 2.25 is vulnerable to Sensitive Data Exposure
Software: Relevanssi Premium; Type: Plugin; Vulnerable versions: 2.25; Fixed in: 2.25; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: N/A; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 420edf018e9b; Credits: N/A; Required privilege: Unauthenticated...
SUSE CVE-2014-1500
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...
SUSE CVE-2014-1499
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt...
SUSE CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
Schneider Electric EcoStruxure Power Commission Authorization Issue Vulnerability
Schneider Electric EcoStruxure Power Commission is a comprehensive software from Schneider Electric France that provides powerful features for setting up, testing and commissioning low voltage distribution cabinets. An authorization issue vulnerability exists in Schneider Electric EcoStruxure Pow...
GLSA-202301-07 : Alpine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202301-07 Alpine: Multiple Vulnerabilities - In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. CVE-2021-38370 - Alpine before 2.25 allows remote attackers to cause a denial of service...
UBUNTU-CVE-2021-46853
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS...
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations...
ROS-2-439
2.439 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228,CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...
CVE-2021-33393
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...
IPFire 2.25 Remote Code Execution
Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...
IPFire 2.25 - Remote Code Execution (Authenticated)
Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...
IPFire 2.25 - Remote Code Execution (Authenticated) Exploit
Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 156 Tested on: parr...
Microsoft Dynamics 365 (on-premises) Update 2.25
Microsoft Dynamics 365 on-premises Update 2.25 Introduction Service Update 2.25 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.25. More information Update package| Version number ---|--- Microsoft...
Linux / Unix su Privilege Escalation Exploit
This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a...