132 matches found
[SECURITY] [DLA 4553-1] policykit-1 security update
Debian LTS Advisory DLA-4553-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson April 29, 2026 https://wiki.debian.org/LTS Package : policykit-1 Version : 0.105-31+deb11u2 CVE ID : CVE-2021-4115 CVE-2026-4897 Debian Bug : 1005784 1132234 Multiple vulnerabilities...
Debian dla-4553 : gir1.2-polkit-1.0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4553 advisory. Debian LTS Advisory DLA-4553-1 [email protected]...
EUVD-2026-4115
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server. This issue affects Energia: from n/a through = 1.1.2...
MiracleLinux 8 : polkit-0.115-13.el8.2 (AXSA:2022-3159:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3159:03 advisory. polkit: file descriptor leak allows an unprivileged user to cause a crash CVE-2021-4115 Tenable has extracted the preceding description block directly from t...
MiracleLinux 3 : squid-2.6.STABLE21-7.AXS3 (AXSA:2014-518:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-518:01 advisory. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional...
MiracleLinux 4 : squid-3.1.10-22.AXS4 (AXSA:2014-517:03)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-517:03 advisory. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional...
TencentOS Server 3: polkit (TSSA-2022:0032)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0032 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2022-4115
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...
CVE-2012-4115
The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug...
Alibaba Cloud Linux 3 : 0032: polkit (ALINUX3-SA-2022:0032)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0032 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-4115: There is a flaw in polkit which can...
CVE-2025-4115 Netgear JWNR2000v2 default_version_is_new buffer overflow
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this...
Linux Distros Unpatched Vulnerability : CVE-2021-4115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this...
CVE-2024-4115 Tenda W15E AddDnsForward formAddDnsForward stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely...
PHPJabbers Cleaning Business 1.0 - Reflected XSS Vulnerability
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...
PHPJabbers Cleaning Business 1.0 - Reflected XSS
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...
CVE-2023-4115
creationtimestamp | type | source
---|---|---
2023-08-03 12:40:04+00:00 | seen | https://t.me/cibsecurity/67635...
CVE-2023-4115
CVE-2023-4115 affects PHP Jabbers Cleaning Business 1.0. The vulnerability is an unauthenticated cross-site scripting via the index parameter in /index.php, enabling an attacker to craft a link that can steal session tokens or credentials. Public templates and reports describe reflected XSS in /i...
CVE-2023-4115 PHP Jabbers Cleaning Business index.php cross site scripting
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier...
PHPJabbers Cleaning Business 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Tested on: Windows 10 Pro Impact: Manipulate the content o...