RHEL 8 : kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 (RHSA-2026:28749)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28749 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

CVE-2024-28749

A remote attacker with high privileges may use a writing file function to inject OS commands...

CVE-2024-28749

creationtimestamp| type| source ---|---|--- 2024-07-09 09:44:01+00:00| seen| https://t.me/cvedetector/258...

CVE-2024-28749

CVE-2024-28749 affects ifm electronic Smart PLC AC14xx/AC4xxS via the Write to File function, enabling OS command injections by a remote attacker with elevated privileges. The issue is described as an OS command injection originating from a remote attacker with high privileges; CVSSv3.1 base scor...

CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections

A remote attacker with high privileges may use a writing file function to inject OS commands...

CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections

A remote attacker with high privileges may use a writing file function to inject OS commands...

CVE-2023-28749

CVE-2023-28749 : CSRF vulnerability in CM On Demand Search And Replace (WordPress plugin)

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611848008c27 Credits Abd...

CVE-2022-28749

Affected software: Zoom On-Premise Meeting Connector MMR (versions prior to 4.8.113.20220526). Issue: improper permission checking for attendees in the waiting room, enabling a threat actor to join a meeting without the host’s consent. Impact: unauthorized entry into meetings (no host permission)...

CVE-2022-28749 Insufficient Authorization Check During Meeting Join

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host...

WordPress plugin has unspecified vulnerability (CNVD-2021-28749)

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . WordPress plugin WpDataTables - Tables & Table Charts...

maxcdn.com XSS vulnerability

Vulnerable URL: https://www.maxcdn.com/one/filter/?action=xxx=x!%22--!%3E%3CImage%0CSrcset%3DK%0COnerror%3DconfirmOPENBUGBOUNTY%0C Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...