61 matches found
Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.
id: CVE-2010-4239
info:
  name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
  author: 0xakoko
  severity: critical
  description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability...
CVE-2026-4239
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2023-4239
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
DLA-4239-1 thunderbird - security update
Bulletin has no description...
CVE-2010-4239
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion...
CVE-2025-4239
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-03 17:17:55+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14698 |
| 2025-05-03 18:06:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lobwjlhxun2h |
| 2025-05-03 19:37:34+00:00 | seen | ... |
CVE-2025-4239
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-4239 Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow
A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The...
CVE-2023-4239
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
CVE-2023-4239
CVE-2023-4239 concerns the WordPress plugin “Real Estate Manager.” The vulnerability, present in versions up to and including 6.7.1, arises from insufficient restriction on the rem_save_profile_front function, allowing an authenticated user with minimal privileges (e.g., a subscriber) to modify t...
CVE-2023-4239 Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
WordPress Real Estate Manager Plugin <= 7.2 is vulnerable to Broken Access Control
Software: Real Estate Manager
Type: Plugin
Vulnerable versions: <= 7.2
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-4239
Patch priority: High
CVSS severity: High 8.8
PSID: 9d7a1725ab48
Credits: Lana Codes
Required privileg...
SUSE CVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function...
SUSE CVE-2016-4239
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172,...
CVE-2021-4239
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-28 00:12:07+00:00 | seen | https://t.me/cibsecurity/55454 |
...
CVE-2021-4239
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
CVE-2021-4239
The CVE-2021-4239 issue concerns the Noise protocol implementation (notably the Go language package by Flynn). Affected behavior: after encrypting 2^64 messages, the nonce counter can wrap, causing multiple messages to be encrypted with the same key and nonce, enabling weakened cryptographic secu...
CVE-2022-4239
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-26 21:23:28+00:00 | seen | https://t.me/cibsecurity/55363 |
...
CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id...