83 matches found
EUVD-2026-3250
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-54166
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
Advantech TP-3250 Denial of Service Vulnerability
Advantech TP-3250 is a printer from Advantech, China. The Advantech TP-3250 suffers from a denial of service vulnerability due to a heap corruption flaw in DrvUIx64Advantech.dll when DocumentPropertiesW is called with a valid dmDriverExtra but outputs a buffer. An attacker can exploit this...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
EUVD-2025-197648
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
Advantech TP-3250 安全漏洞
Advantech TP-3250 is a printer from Advantech, China. The Advantech TP-3250 suffers from a denial of service vulnerability due to a heap corruption flaw in DrvUIx64Advantech.dll when DocumentPropertiesW is called with a valid dmDriverExtra but outputs a buffer. An attacker can exploit this...
PT-2025-47004
Name of the Vulnerable Software and Affected Versions Advantech TP-3250 printer driver versions v0.3.9200.20789 Description A heap corruption issue exists in the Advantech TP-3250 printer driver’s DrvUI x64 ADVANTECH.dll component. The issue occurs when the DocumentPropertiesW function is called...
CVE-2013-3250
Cross-site request forgery CSRF vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...
CVE-2025-3250
A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...
CVE-2025-3250
creationtimestamp| type| source ---|---|--- 2025-04-04 15:36:46+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10466 2025-04-04 18:01:13+00:00| seen| https://t.me/cvedetector/22128...
CVE-2025-3250
CVE-2025-3250 affects elunez eladmin 2.7, specifically deserialization in the Maintenance Management Module’s /api/database/testConnect endpoint. Publicly disclosed exploit suggests remote access is possible. Several connected sources corroborate a deserialization flaw in an unknown functionality...
CVE-2025-3250 elunez eladmin Maintenance Management Module testConnect deserialization
A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...
Linux Distros Unpatched Vulnerability : CVE-2014-3250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain...
RHEL 6 : puppet (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - puppet: incorrect URL decoding CVE-2016-2785 - The default vhost configuration file in Puppet before 3.6....
Pebble service manager's file pull API allows access by any user
Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...
GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user
Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...
CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...
CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...