22 matches found

Positive Technologies
added 2025/09/22 12:0 a.m. | 2 views

PT-2025-38931

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 2.6.25. Description: The software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data. Recommendations: Update weDevs WP Project Manager to a version later than...

5.3 CVSS | 6.6 AI score | 0.00042 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/09/22 12:0 a.m. | 0 views

WordPress plugin WP Project Manager Trust Management Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A vulnerabilit...

5.3 CVSS | 6.6 AI score | 0.00042 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:8 a.m. | 1 views

SUSE CVE-2008-2372

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."...

4.9 CVSS | 6.3 AI score | 0.00048 EPSS
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 6:4 a.m. | 1 views

SUSE CVE-2009-1046

The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which...

4.7 CVSS | 6.6 AI score | 0.00297 EPSS
Exploits: 5 | References: 5

OSV
added 2022/12/08 3:20 a.m. | 6 views

GSD-2022-1008247 ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network

ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...

7.2 AI score
Exploits: 0

Kitploit
added 2020/01/25 11:30 a.m. | 69 views

AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...

7.3 AI score
Exploits: 0 | References: 7

Joomla! Vulnerable Extensions List
added 2018/01/31 12:0 a.m. | 20 views

JCE Editor,2.6.25, XSS (Cross Site Scripting)

JCE Editor Pro, Version 2.6.25 only, XSS (Cross Site Scripting). Resolution: update to 2.6.26. Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...

6.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Linux Kernel 2.6.x 'qdisc_run()' Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32985/info The Linux kernel is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users. Versions prior to Linux kernel 2.6.25 ar...

7.1 AI score
Exploits: 0

0day.today
added 2011/10/03 12:0 a.m. | 13 views

kernel-2.6.25 Local Root Exploit

Exploit for linux platform in category local exploits: kernel-2.6.25 Local Root Exploit ...

6.8 AI score
Exploits: 0

RedHat Linux
added 2010/11/16 6:16 p.m. | 0 views

openswan: buffer overflow vulnerability in XAUTH client-side support

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet...

6.5 CVSS | 6.3 AI score | 0.06107 EPSS
Exploits: 0 | References: 4

NVD
added 2010/10/05 10:0 p.m. | 14 views

CVE-2010-3752

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302...

6.5 CVSS | 7 AI score | 0.00649 EPSS
Exploits: 0 | References: 7

Cvelist
added 2010/10/05 9:0 p.m. | 19 views

CVE-2010-3752

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302...

7 AI score | 0.00649 EPSS
Exploits: 0 | References: 7

Fedora
added 2009/05/27 7:8 p.m. | 27 views

[SECURITY] Fedora 11 Update: php-Smarty-2.6.25-1.fc11

Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...

10 CVSS | 1.2 AI score | 0.25846 EPSS
Exploits: 1

seebug.org
added 2009/04/22 12:0 a.m. | 16 views

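Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability

BUGTRAQ ID: 34612 CNCAN ID:CNCAN-2009042104 Linux is an open-source operating system. Linux Kernel CIFS 'decode_unicode_ssetup' has a buffer overflow that remote attackers can exploit to crash the system. There is an error in handling the alignment of unicode string fields: decode_unicode_ssetup makes an improper assumption and always processes a pad byte, so if the string field is word-aligned, an incorrect buffer size is used when assembling the serverDomain string, which can lead to memory corruption. Linux kernel 2.6.29 1 Linux kernel 2.6.29 -git8 Linux...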

6.8 AI score
Exploits: 0

seebug.org
added 2009/04/10 12:0 a.m. | 11 views

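Linux Kernel 'exit_notify()' CAP_KILL Check Local Privilege Escalation Vulnerability

BUGTRAQ ID: 34405 CNCAN ID:CNCAN-2009040803 Linux is an open-source operating system. The CAP_KILL check in Linux exit_notify is flawed, and local attackers can exploit the vulnerability to escalate privileges. Regardless of how -exitsignal is reset, a malicious user can bypass the check, so that a malicious application can execute a setuid binary before exiting, resulting in privilege escalation. Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 9 Linux kernel 2.6.28 8 Linu...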

6.8 AI score
Exploits: 0

seebug.org
added 2008/10/28 12:0 a.m. | 39 views

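Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability

BUGTRAQ ID: 31903 CVE ID:CVE-2008-4554 CNCVE ID:CNCVE-20084554 Linux is an open-source operating system. When performing certain file operations, the 'do_splice_from' function in Linux does not correctly reject file descriptors, and local attackers can exploit the vulnerability to bypass local security restrictions. An attacker can bypass the append-only restriction and corrupt system files. RedHat Fedora 9 0 RedHat Fedora 8 0 Linux kernel 2.6.26 4 Linux kernel 2.6.26 3 Linux kernel 2.6.26 .6 Linux kernel 2.6.26...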

4.6 CVSS | 0.00063 EPSS
Exploits: 1

seebug.org
added 2008/09/14 12:0 a.m. | 39 views

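Linux Kernel 'SCTP' Module Vulnerabilities

BUGTRAQ ID: 31121 CVE ID:CVE-2008-3792 CNCVE ID:CNCVE-20083792 Linux is an open-source operating system. The Linux kernel 'SCTP' module has multiple security issues, and local attackers can exploit the vulnerabilities to obtain sensitive information or crash the kernel. The problematic code is as follows: file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...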

7.1 CVSS | 0.1 AI score | 0.03903 EPSS
Exploits: 2

seebug.org
added 2008/08/22 12:0 a.m. | 147 views

Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability

CVE-2008-1673 The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue wil...

10 CVSS | 6.9 AI score | 0.18359 EPSS
Exploits: 2

seebug.org
added 2008/07/07 12:0 a.m. | 44 views

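Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerability

BUGTRAQ ID: 30076 CVE ID:CVE-2008-2812 CNCVE ID:CNCVE-20082812 Linux is an open-source operating system. The rewrite of Linux TTY operations in mainline has a NULL pointer dereference problem, and local attackers can exploit the vulnerability to crash the system. No detailed vulnerability information is currently available. Linux kernel 2.6.25 .5 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel...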

7.2 CVSS | 0.00098 EPSS
Exploits: 2

UbuntuCve
added 2008/07/02 4:41 p.m. | 30 views

CVE-2008-2372

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."...

4.9 CVSS | 5.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 2