156 matches found
PT-2025-95: Local Privilege Escalation (LPE) in Red Shield VPN
The vulnerability was identified in Red Shield VPN , versions 3.3.7. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.04.2025 Recommendations: Update to version 3.5.7 ...
OESA-2025-1435 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
WordPress plugin Instantio 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
OESA-2025-1412 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
OESA-2025-1411 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection Vulnerability
CVE-2024-13488 LTL Freight Quotes – Estes Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection
LTL Freight Quotes – Estes Edition versions 3.3.7 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13488 LTL Freight Quotes – Estes Edition = 3.3.7 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Estes Edition plugin for WordPress is...
CVE-2024-13485
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin LTL Freight Quotes – Estes Edition SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...
WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika in WordPress Plugin Instantio versions = 3.3.7...
openSUSE 15 Security Update : cobbler (openSUSE-SU-2024:0370-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0370-1 advisory. Update to 3.3.7 Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname...
Malicious code in @neo-ds/neo-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6d3d5e2f6b432e3a4491b74a6c06d176dcf93aa9cf419db326cea281b530044b The OpenSSF Package Analysis project identified '@neo-ds/neo-utils' @ 3.3.7 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11251 Malicious code in @neo-ds/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb7303825f9830a20957d406c7a1b9193816b17c907592e4fa1e8a6fa48c61e3 The OpenSSF Package Analysis project identified '@neo-ds/components' @ 3.3.7 npm as malicious. It is considered malicious because: - The package...
openSUSE Security Advisory (openSUSE-SU-2024:0382-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : cobbler (2024-a6f0ade1d3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a6f0ade1d3 advisory. Update to 3.3.7 - CVE-2024-47533 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora: Security Advisory (FEDORA-2024-a6f0ade1d3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:14512-1 cobbler-3.3.7-1.1 on GA media
These are all security issues fixed in the cobbler-3.3.7-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-47533
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...
UBUNTU-CVE-2024-47533
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...