16 matches found

Positive Technologies
added 2025/12/01 12:0 a.m. · 2 views

PT-2025-48449

Name of the Vulnerable Software and Affected Versions: nopCommerce versions prior to 4.80.3 Description: The software does not invalidate session cookies after logout or session termination. This allows an attacker with a valid session cookie to access privileged endpoints, such as '/admin', even...

7.1 CVSS · 6.4 AI score · 0.00031 EPSS
Exploits 0 · References 13
NVD
added 2025/11/11 9:15 p.m. · 2 views

CVE-2024-32008

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...

8.5 CVSS · 0.00014 EPSS
Exploits 0 · References 1
Cvelist
added 2025/11/11 8:20 p.m. · 3 views

CVE-2024-32009

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges...

8.5 CVSS · 0.00014 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-15802

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00326 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-17427

Malicious code in bioql PyPI...

4.3 CVSS · 6.5 AI score · 0.00199 EPSS
Exploits 0 · References 2
Patchstack
added 2024/03/29 12:40 p.m. · 1 views

WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability

Broken Access Control to XSS vulnerability discovered by CatFather (Patchstack Alliance) in WordPress Plugin SP Project & Document Manager (versions <= 4.70)...

8 AI score · 0.00068 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/02/02 12:0 a.m. · 7 views

WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection

Software: SP Project & Document Manager · Type: Plugin · Vulnerable versions: <= 4.69 · Fixed in: 4.70 · OWASP Top 10: A3: Injection · Classification: SQL Injection · CVE: CVE-2024-24868 · Patch priority: Low · CVSS severity: Low 8.5 · Developer: Claim ownership · PSID: 55e058d86d8c · Credits: Yudistira Arya · Required privilege...

8.8 CVSS · 6.8 AI score · 0.00284 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/05/24 12:0 a.m. · 1 views

Zyxel USG/ZyWALL cross-site scripting vulnerability

Zyxel USG/ZyWALL is a firewall from China's Heqin Technology Zyxel. A cross-site scripting vulnerability exists in the CGI program in Zyxel USG/ZyWALL versions 4.35-4.70, USG FLEX 4.50-5.20, ATP 4.35-5.20, and VPN 4.35-5.20, which stems from the presence of an input validation error, and can be...

6.1 CVSS · 6.2 AI score · 0.00326 EPSS
Exploits 0 · References 3
Positive Technologies
added 2013/03/07 12:0 a.m. · 2 views

PT-2013-1741 · Trimble · Trimble Infrastructure Gnss Series Receivers Netr9 +4

Name of the Vulnerable Software and Affected Versions: Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 versions prior to 4.70; Trimble Infrastructure GNSS Series Receivers NetRS versions prior to 1.3-2 Description: A cross-site scripting (XSS) issue in the Receiver Web Us...

4.3 CVSS · 5.5 AI score · 0.00322 EPSS
Exploits 0 · References 5
Cvelist
added 2012/10/31 4:0 p.m. · 18 views

CVE-2012-5671

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DN...

7.7 AI score · 0.31639 EPSS
Exploits 0 · References 15
Tenable Nessus
added 2012/10/29 12:0 a.m. · 65 views

Exim 4.70 - 4.80 DKIM DNS Record Parsing Remote Buffer Overflow

According to its banner, the version of Exim running on the remote host is between 4.70 and 4.80 inclusive. It therefore is potentially affected by a remote, heap-based buffer overflow vulnerability when decoding DKIM (DomainKeys Identified Mail) DNS records that can be triggered by a specially...

6.8 CVSS · 7.6 AI score · 0.31639 EPSS
Exploits 0 · References 3
Packet Storm
added 2011/07/06 12:0 a.m. · 28 views

Golden FTP 4.70 Overflow

!/usr/bin/python Exploit Title: GoldenFTP 4.70 PASS overflow exploit v2.5 Date: July 8, 2011 Author: Joff Thyer [email protected] Software Link: http://www.goldenftpserver.com/ Version: 4.70 Tested on: WinXP-SP0/SP2/SP3 CVE: 2006-6576 based on exploit by: Craig Freyman cd1zz and Gerardo Iglesias...

0.4 AI score
Exploits 0
NVD
added 2010/12/14 4:0 p.m. · 20 views

CVE-2010-4344

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging...

9.8 CVSS · 8 AI score · 0.51873 EPSS
Exploits 6 · References 34
securityvulns
added 2006/01/10 12:0 a.m. · 33 views

[Full-disclosure] Secunia Research: ADOdb Insecure Test Scripts Security Issues

====================================================================== Secunia Research 09/01/2006 - ADOdb Insecure Test Scripts Security Issues - ====================================================================== Table of Contents Affected...

0.7 AI score
Exploits 0
Prion
added 2006/01/09 11:3 p.m. · 26 views

Design/Logic Flaw

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

7.5 CVSS · 7.7 AI score · 0.29662 EPSS
Exploits 1 · References 30 · Affected Software 5
UbuntuCve
added 2006/01/09 11:3 p.m. · 27 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

7.5 CVSS · 6.2 AI score · 0.29662 EPSS
Exploits 1 · References 1