102 matches found
MiracleLinux 8 : thunderbird-102.8.0-2.el8.ML.1 (AXSA:2023-5135:10)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5135:10 advisory. Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes...
CVE-2025-5135
A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...
CVE-2025-5135
creationtimestamp | type | source
---|---|---
2025-05-24 22:45:35+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17497
2025-05-24 23:11:46+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpxb7kdrdlo2
2025-05-25...
CVE-2025-5135
CVE-2025-5135 affects Tmall Demo up to 20250505. The vulnerability is an XSS in the Product Details Page, triggered by manipulating the Product Name/Product Title in the file path /tmall/admin/. The issue concerns some unknown functionality of that admin path and is exploitable remotely; the expl...
CVE-2013-5135
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function, which can be exploited to disclose hashed user credentials. This affec...
CVE-2008-5135
os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-roo...
CVE-2024-5135
creationtimestamp | type | source
---|---|---
2025-02-21 22:10:44+00:00 | seen | Telegram/kfgwvg9NjcCwPJDkseCPPCOjCwtVPeT8N6vQFHTzYs6aahDP...
389-ds:1.4 security update
1.4.3.39-3 - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix 1.4.3.39-2 - Bump version to 1.4.3.39-2 - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to...
CVE-2024-5135
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has...
CVE-2023-5135 Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5135
CVE-2023-5135 concerns the WordPress plugin “Simple Cloudflare Turnstile.” A stored XSS flaw exists in versions up to and including 1.23.1 due to insufficient input sanitization and output escaping on user-supplied attributes in the gravity-simple-turnstile shortcode. Exploitation requires an aut...
WordPress Simple Cloudflare Turnstile Plugin <= 1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Cloudflare Turnstile; Type: Plugin; Vulnerable versions: <= 1.23.1; Fixed in: 1.23.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5135; Patch priority: Low; CVSS severity: Low (6.5); Developer: RelyWP; PSID: 89023cff61f7; Credits: Lana Codes; Required...
K8106: OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K22494544: SNMP Incorrect Access Control vulnerability CVE-2017-5135
Security Advisory Description: Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from th...
Debian: Security Advisory (DSA-5135-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : Linux kernel vulnerability (USN-5135-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5135-1 advisory. It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of...
SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcomin...
RHEL 8 : firefox (RHSA-2020:5135)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5135 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to versi...