18 matches found
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...
CVE-2025-24144
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state...
CVE-2025-24144
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state...
CVE-2024-9729
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target mus...
CVE-2024-9729
CVE-2024-9729 – Trimble SketchUp Viewer SKP File Parsing Use-After-Free: The vulnerability stems from parsing SKP files in SketchUp Viewer, where the code fails to validate an object's existence before operations, enabling a use-after-free that can lead to arbitrary code execution. Exploitation ...
CVE-2023-24144
creationtimestamp | type | source
---|---|---
2023-02-03 18:20:51+00:00 | seen | https://t.me/cibsecurity/57458...
CVE-2023-24144
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...
CVE-2023-24144
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...
CVE-2023-24144
CVE-2023-24144 affects TOTOLINK CA300-PoE, specifically firmware version V6.2c.884. The vulnerability is a command injection in the hour parameter of the setRebootScheCfg function, allowing an attacker to execute arbitrary commands. CVSS v3.1 metrics shown: AV Network, AC Low, PR None, UI None, S...
CVE-2022-24144
Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...
CVE-2022-24144
CVE-2022-24144 affects Tenda AX3 routers with firmware v16.03.12.10_CN. A command-injection flaw in WanParameterSetting lets an attacker execute arbitrary commands via gateway, dns1, and dns2 parameters over the network. Severity is high (CVSS v3.1: 9.8, network attack vector, no authentication, ...
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...
CVE-2020-24144
CVE-2020-24144 concerns a directory traversal in the WordPress plugin “Media File Organizer” (version 1.0.1 and earlier). The vulnerability arises from the plugin’s move operation failing to properly filter/sanitize user-supplied input, allowing an attacker to access files stored outside the web ...
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...
CVE-2021-24144
The CVE-2021-24144 issue affects the WordPress plugin Contact Form 7 Database Addon (CFDB7). Unvalidated input in CFDB7 prior to version 1.2.5.6 allows injection of arbitrary formulas into CSV exports/files. Affected component: CFDB7 CSV export handling; root cause: input validation weakness lead...
Product update: Virtuozzo Infrastructure Platform 2.5 Update 8 (2.5.0-1680)
This update enables upgrade to the new major version 3.0 and provides important system fixes. Vulnerability id: VSTOR-23308 Journald could get stuck, waiting endlessly for "--verify" to complete and stalling services in an unresponsive state. Vulnerability id: VSTOR-23898 Under certain...
Apple Mac OSX - mDNSResponder UPnP Location Overflow (Metasploit)
$Id: upnplocation.rb 11515 2011-01-08 01:12:15Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Mac OS X mDNSResponder UPnP Location Overflow
This module exploits a buffer overflow that occurs when processing specially crafted requests sent to mDNSResponder. All Mac OS X systems between version 10.4 and 10.4.9 without the 2007-005 patch are affected. This module requires Metasploit: https://metasploit.com/download Current source:...