WordPress Project Notebooks 1.1.4 Remote Code Execution
Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...
MiracleLinux 7 : java-11-openjdk-11.0.19.0.7-1.el7 (AXSA:2023-5304:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5304:06 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...
Exploit for Missing Authorization in Ptoffice Pt_Project_Notebooks
CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Aut...
CVE-2025-5304
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator...
CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator...
CVE-2019-5304
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-19 12:11:09+00:00 | seen | https://t.me/ctinow/211392... |
Malicious code in wlwz-2312-5304 (npm)
Source: ghsa-malware a3ba648c7e474e73530335ba64bd5e355e721b33e911827062ac9a76dc100ade Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
openssl security update
1:3.0.7-25.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration fi...
CVE-2023-5304
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. Th...
CVE-2023-5304
CVE-2023-5304 affects Online Banquet Booking System 1.0. The vulnerability is a cross-site scripting (XSS) flaw in the file /book-services.php within the Service Booking component, caused by manipulating the message parameter. The attack is described as exploitable remotely. Documented impact is ...
Debian: Security Advisory (DSA-5304-1)
The remote host is missing an update for the Debian...
Ubuntu 20.04 LTS : PolicyKit vulnerability (USN-5304-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5304-1 advisory. Kevin Backhouse discovered that PolicyKit incorrectly handled file descriptors. A local attacker could possibly use this issue to cause PolicyKit to crash,...
CVE-2020-5304
CVE-2020-5304 affects WhiteSource Application Vulnerability Management (AVM) prior to version 20.4.1. The vulnerability allows log injection by sending a %0A%0D substring in the idp parameter to the /saml/login URI, which can close the current log and create a new log line with attacker-controlle...
Huawei Data Communication: Improper Authentication Vulnerability in Some Huawei CloudEngine Products (huawei-sa-20190918-01-authentication)
There is an improper authentication vulnerability in some Huawei CloudEngine products. This VT has been deprecated and is therefore no longer functional...
CVE-2010-5304
| creationtimestamp | type | source |
|---|---|---|
| 2020-02-05 22:35:07+00:00 | seen | Telegram/xNSM3IppOEQ6c1Wtm7klPJpdOMQ6QEyCIh3iNRO0T0sMQ... |
CVE-2010-5304
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client...
CVE-2010-5304
CVE-2010-5304 is a NULL pointer dereference in LibVNCServer before 0.9.9 when processing certain ClientCutText messages, allowing a remote attacker to crash the VNC server by sending a crafted ClientCutText. Public references in SUSE and Fedora advisories show fixes in later packages (e.g., libvn...
CVE-2019-5304
CVE-2019-5304 affects Huawei devices and is rooted in insufficient input validation for MPLS Echo Request messages, causing a buffer error that can allow an unauthenticated remote attacker to reset the device. Documents designate affected products broadly as Huawei switches/routers and related Cl...
Security Advisory - Buffer Error Vulnerability in Some Huawei Products
There is a buffer error vulnerability in some Huawei products. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset...