92 matches found
VMware vCenter Server LDAP Broken Access Control
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. id: CVE-2020-3952 info: name: VMware vCenter Server LDAP Broken Access Control author: 0xAkoko severity: critic...
MINI-258Q-3952-H5CC
Bulletin has no description...
MINI-WPVQ-3952-Q2R7
Bulletin has no description...
MINI-3952-CWF9-RXQ6
Bulletin has no description...
MINI-3QC2-3952-GXCV
Bulletin has no description...
CVE-2022-3952
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls...
CVE-2011-3952
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size...
CVE-2013-3952
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle...
CVE-2025-3952
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'ptoremovelogo' function in all versions up to, and including, 5.1.16. This makes it possible for...
CVE-2025-3952
CVE-2025-3952: Projectopia – WordPress Project Management plugin (versions
CVE-2025-3952 Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'ptoremovelogo' function in all versions up to, and including, 5.1.16. This makes it possible for...
WordPress Projectopia plugin <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion vulnerability discovered by Chuck in WordPress Plugin Projectopia versions <= 5.1.16...
LDAP Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LDAP Information Disclosure', 'Description' = %q This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching f...
VMware VCenter Server Vmdir Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server vmdir Authentication Bypass', 'Description' = %q This module bypasses LDAP authentication in VMware vCenter Server's vmdir...
CVE-2024-3952 Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Advanced Ads – Ad Manager & AdSense Plugin <= 1.52.1 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Ads – Ad Manager & AdSense; Type: Plugin; Vulnerable versions: <= 1.52.1; Fixed in: 1.52.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3952; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: e7fb57cc8591; Credits...
CVE-2022-3952
Summary: CVE-2022-3952 affects ManyDesigns Portofino 5.3.2. The vulnerability is in WarFileLauncher.java:createTempDir, which allows creation of a temporary file in a directory with insecure permissions. This could lead to disclosure of sensitive data. A fix is available in Portofino 5.3.3; patch...
CVE-2022-3952 ManyDesigns Portofino WarFileLauncher.java createTempDir temp file
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...