CVE-2019-20556

An issue was discovered on Samsung mobile devices with P9.0 SM6150, SM8150, SM8150FUSION, exynos7885, exynos9610, and exynos9820 chipsets software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 October 2019...

CVE-2022-20556

In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...

CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the bookingid parameter...

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34278

CVE-2023-34278 concerns the D-Link DIR-2150 router. The vulnerability lies in the SOAP API interface (listening on port 80) where a user-supplied string is not properly validated before being used in a system call, allowing a network-adjacent attacker to execute code with root privileges. Authent...

CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-20556

creationtimestamp| type| source ---|---|--- 2023-08-08 22:14:21+00:00| seen| https://t.me/cibsecurity/68026...

CVE-2023-20556

CVE-2023-20556 involves AMD μProf. The issue is insufficient validation of the IOCTL input buffer, which could allow an authenticated user to send an arbitrary buffer and cause a Windows crash, leading to a denial of service (DoS). AMD’s bulletin AMD-SB-7003 confirms affected product is AMD μProf...

CVE-2022-20556

In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...

CVE-2022-20556

The provided documents confirm CVE-2022-20556 affects Android 13, where a missing permission check in launchConfigNewNetworkFragment of NetworkProviderSettings.java allows a guest user to add a new WiFi network. This enables local elevation of privilege with no extra execution privileges required...

WordPress Booking Calendar Plugin SQL Injection (CVE-2018-20556)

A command execution vulnerability exists in WordPress Plugin Booking Calendar . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVE-2019-20556

An issue was discovered on Samsung mobile devices with P9.0 SM6150, SM8150, SM8150FUSION, exynos7885, exynos9610, and exynos9820 chipsets software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 October 2019...

CVE-2019-20556

The CVE-2019-20556 entry concerns Samsung mobile devices with Android 9.0 (P) on specific chipsets (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, exynos9820). The issue is a memory corruption in the RKP (root key protection) path that permits an attacker to control the effective address ...

CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the bookingid parameter...

CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the bookingid parameter...

CVE-2018-20556

CVE-2018-20556 is a SQL injection vulnerability in the WordPress plugin Booking Calendar (version 8.4.3). The flaw allows an attacker to manipulate the booking_id parameter to execute arbitrary SQL commands on the underlying database, potentially exposing data. Multiple connected sources corrobor...

WordPress Booking Calendar 8.4.3 Plugin - Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version...

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...