18 matches found
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...
CVE-2022-20525
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...
CVE-2023-38120
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120
The CVE-2023-38120 entry describes a vulnerability in the Adtran SR400ac where the ping command, exposed via JSON-RPC, accepts a crafted host parameter that can cause a system call from a user-supplied string, enabling code execution as root. The flaw is reachable over the network and requires au...
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...
CVE-2023-20525
The CVE-2023-20525 issue affects the AMD Secure Processor (ASP) Bootloader: it is caused by insufficient syscall input validation that can allow a privileged attacker to read memory outside mapped register bounds, potentially causing a denial of service. Public details identify the affected compo...
CVE-2022-20525
creationtimestamp| type| source ---|---|--- 2022-12-16 18:37:31+00:00| seen| https://t.me/cibsecurity/54730...
CVE-2022-20525
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20525
CVE-2022-20525 affects Android 13 and points to a permissions bypass in enforceVisualVoicemailPackage inside PhoneInterfaceManager.java, causing a leak of the visual voicemail package name. The impact is local elevation of privilege with no extra execution privileges and no user interaction requi...
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit
Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability. Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor...
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass
Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Date: 07/03/2022 Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
CVE-2019-20525
CVE-2019-20525 affects Ignite Realtime Openfire 4.4.1, which is vulnerable to cross-site scripting via the setup/setup-datasource-standard.jsp driver parameter. The issue’s root cause is an XSS vector in that parameter handling. A fix exists in Openfire 4.4.2, per multiple advisories (including G...
CVE-2018-20525
CVE-2018-20525 affects Roxy Fileman 1.4.5, enabling directory traversal via copydir.php, copyfile.php, and fileslist.php. Public write-up and exploit references (e.g., Exploit-DB, PacketStorm) describe or imply abuse for arbitrary directory access via directory traversal and related upload bypass...
Roxy Fileman 1.4.5 File Upload / Directory Traversal
====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...