25 matches found
EUVD-2024-2978
Malicious code in bioql PyPI...
CVE-2024-47836
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue...
Use of GET Request Method With Sensitive Query Strings
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the moddata module's edit and delete pages. An attacker can access the CSRF token by manipulating the URL parameters. Remediation: Upgrade...
Incorrect Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation: Upgrade...
Improper Authentication
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to improper handling of user session states during the multi-factor authentication process. An attacker can access sensitive information about other users by exploiting t...
CVE-2024-47836 Admidio vulnerable to HTML Injection In The Messages Section
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue...
CVE-2024-47836
Admidio CVE-2024-47836 affects versions prior to 4.3.12. The vulnerability is an unsafe deserialization flaw that allows any unauthenticated user to execute arbitrary code on the server. The issue is fixed in version 4.3.12. Public references describe potential impacts (data theft, session hijack...
RHSA-2020:1396 Red Hat Security Advisory: OpenShift Container Platform 4.3.12 podman security update
Bulletin has no description...
Security vulnerability in multiple GL.iNet products
GL.iNet MT300N-V2 and others are products of China's GL.iNet. GL.iNet MT300N-V2 is a mini router. GL.iNet AR750S is a router. GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...
PT-2023-31106 · Getsocial.Io · Social Share Buttons & Analytics Plugin
Name of the Vulnerable Software and Affected Versions: Social Share Buttons & Analytics Plugin – GetSocial.Io versions n/a through 4.3.12 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XS...
SUSE-SU-2022:3571-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant bsc1197818...
Typo3 XSS Vulnerabilities
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message...
GHSA-H86G-796F-HHFQ Typo3 XSS Vulnerabilities
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message...
HTTP Request Smuggling
Overview: puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process...
PT-2022-7650 · Puma +11 · Puma +11
Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.12 Puma versions prior to 5.6.4 Description: The issue is related to the handling of HTTP requests in Puma, a server for Ruby/Rack applications. When Puma is used behind a proxy that does not properly validate...
NTPd < 4.2.8p2, 4.3.x < 4.3.12 Keygen Vulnerability
NTPd is prone to a vulnerability in ntp-keygen. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; if(description)...
CVE-2019-12518
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability...
Anviz CrossChex 4.3.12 Local Buffer Overflow
Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 = V4.3.12 Tested on: 4.3.8.0, 4.3.12 CVE : N/A...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Anviz CrossChex 4.3.12 - Local Buffer Overflow Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 ...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 = V4.3.12 Tested on: 4.3.8.0, 4.3.12 CVE : N/A...