CVE-2025-29449
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function...
CVE-2024-29449
CVE-2024-29449 is not a publicly usable vulnerability; connected PT-2024-22905 reports a ROS2 Humble Hawksbill issue where cleartext transmission between ROS2 nodes enables potential MITM access to sensitive data. Affected: ROS2 Humble Hawksbill version 2. Root cause: unencrypted inter-node commu...
CVE-2023-29449
creationtimestamp | type | source
---|---|---
2023-07-13 12:47:28+00:00 | seen | https://t.me/cibsecurity/66637...
CVE-2023-29449
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...
CVE-2023-29449
CVE-2023-29449 affects Zabbix frontend components related to JavaScript preprocessing, webhooks and global scripts. The issue is described as causing uncontrolled CPU, memory, and disk I/O utilization when these features are configured or tested, with access restricted to Administrative roles (Ad...
CVE-2022-29449 WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress...
CVE-2022-29449
The CVE-2022-29449 entry concerns the WordPress Opal Hotel Room Booking plugin up to version 1.2.7. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw in a parameter that is not properly sanitized/escaped, allowing users with contributor+ roles to inject JavaScript that ...
Metasploit Wrap-Up
New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...
Pi-Hole Remove Commands Linux Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...
Pi-Hole Remove Commands Linux Privilege Escalation Exploit
Pi-Hole versions 3.0 through 5.3 allow for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since...
Pi-Hole Remove Commands Linux Priv Esc
Pi-Hole versions 3.0 - 5.3 allow for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is...
CVE-2021-29449
creationtimestamp | type | source
---|---|---
2021-07-29 16:46:46+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/piholeremovecommandslpe.rb
2021-09-21 04:42:01+00:00 | seen | https://t.me/pwnwikizhchannel/807
2025-02-06 03:13:45+00:00 | seen |...
Pi-hole Core < 5.3 Multiple Privilege Escalation Vulnerabilities
Pi-hole Core is prone to multiple privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-29449
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...
CVE-2021-29449
Pi-hole core up to 5.3 is affected by multiple privilege-escalation vulnerabilities. The root cause is improper validation of command-line parameters passed to sed in removecustomcname, removecustomdns, and removestaticdhcp, which can be exploited when executed as the www-data user in the sudoers...