51 matches found
CVE-2022-4856
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely...
CVE-2013-4856
D-Link DIR-865L has Information Disclosure...
CVE-2005-4856
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...
CVE-2024-4856
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
CVE-2024-4856 FS Product Inquiry <= 1.1.1 - Reflected XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
CVE-2024-4856
CVE-2024-4856 refers to the FS Product Inquiry WordPress plugin (versions ≤ 1.1.1) and describes a reflected XSS flaw. The vulnerability arises from not sanitising/escaping a parameter before echoing it on the page, potentially impacting admins or unauthenticated users. Public sources corroborate...
WordPress FS Product Inquiry Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: FS Product Inquiry; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4856; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 989359976d53; Credits: Bob Matyas; Requir...
Stack overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy...
CVE-2023-51090
CVE-2023-51090 affects Tenda M3, specifically version 1.0.0.12(4856). The vulnerability is a stack overflow in the formGetWeiXinConfig function, caused by improper input validation/size handling, which can lead to arbitrary code execution or a denial of service. Public references from CNVD and CN...
CVE-2023-51093
The CVE-2023-51093 entry concerns a stack overflow in Tenda M3 V1.0.0.12(4856) caused by the fromSetLocalVlanInfo function. Affected component: fromSetLocalVlanInfo in the M3 firmware; root cause is improper input validation leading to a stack overflow. Impact is described as potential remote cod...
PT-2023-31761 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12(4856) Description: A stack overflow issue was discovered via the function formGetWeiXinConfig. Recommendations: For Tenda M3 version 1.0.0.12(4856), as a temporary workaround, consider disabling the formGetWeiXinConfig...
CVE-2022-4856
creationtimestamp | type | source
---|---|---
2022-12-30 12:13:48+00:00 | seen | https://t.me/cibsecurity/55547...
CVE-2022-38562
CVE-2022-38562 affects Tenda M3 V1.0.0.12(4856). The issue is a heap buffer overflow in the formSetFixTools function, enabling a Denial of Service via the lan parameter. Affected software/hardware: Tenda M3 router (V1.0.0.12/4856). Root cause: heap buffer overflow in formSetFixTools. Impact: DoS ...
CVE-2022-38565
CVE-2022-38565 affects Tenda M3 V1.0.0.12(4856). A heap buffer overflow in the formEmailTest function can allow an attacker to cause a Denial of Service via the mailpwd parameter. Public sources (PT-2022-24459 and Red Hat/NVD entries) confirm the affected software and impact. Mitigation/workaroun...
CVE-2022-38566
CVE-2022-38566 affects Tenda M3, version 1.0.0.12(4856). The issue is a heap buffer overflow in the formEmailTest function when processing the mailname parameter, leading to Denial of Service. Sources consistently describe a DoS impact with no indicated remote code execution. The vulnerability is...
CVE-2022-38563
CVE-2022-38563 affects Tenda M3 firmware v1.0.0.12(4856). A heap buffer overflow in the function formSetFixTools allows an attacker to cause a Denial of Service via the MACAddr parameter. CVE metrics indicate network exposure with a high impact on availability (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C...
CVE-2022-38568
The CVE-2022-38568 entry refers to a heap buffer overflow in Tenda M3 v1.0.0.12(4856) specifically in the formSetFixTools function, exploitable to cause a DoS via the hostname parameter. Public documents confirm the affected software and root cause; no exploitation details are provided in the sou...
PT-2022-24456 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12(4856) Description: A heap buffer overflow issue was found in the formSetFixTools function, allowing attackers to cause a Denial of Service (DoS) by exploiting the lan parameter. Recommendations: For Tenda M3 version...
RHEL 8 : postgresql:12 (RHSA-2022:4856)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4856 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version:...