19 matches found
MINI-5952-HVXC-GGF8
Bulletin has no description...
CVE-2025-5952
A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file1 leads to OS command injection. The attack may be initiated remotely. The exploit has been disclos...
CVE-2025-5952
creationtimestamp | type | source
---|---|---
2025-06-10 05:29:48+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17829
2025-06-10 05:30:35+00:00 | published-proof-of-concept | Telegram/fpCirrWp0oU0Ex5TyvxTvRDfboiqPgLEDt6DbVLmZ6Csc...
CVE-2025-5952
The CVE-2025-5952 issue affects Zend.To up to version 6.10-6 Beta, specifically the NSSDropoff.php file where manipulation of the file_1 argument in the exec function enables OS command injection. The vulnerability is remote, with public exploits, and affects older Zend.To releases. Remediation p...
CVE-2023-5952
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2024-5952
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability...
CVE-2024-5952 Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability...
CVE-2023-5952
creationtimestamp | type | source
---|---|---
2023-12-23 10:21:46+00:00 | seen | https://t.me/ctinow/158755...
CVE-2023-5952
The CVE-2023-5952 entry concerns the Welcart e-Commerce WordPress plugin prior to version 2.9.5. Affected component/process: the plugin unserializes user input from cookies, enabling PHP Object Injection when a suitable gadget is present on the blog. Root cause: untrusted cookie deserialization i...
USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry
Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 18.04
Description: Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly u...
Ubuntu: Security Advisory (USN-5952-1)
The remote host is missing an update for the...
CVE-2015-5952
CVE-2015-5952 affects Thomson Reuters FATCA; all versions below 5.2 are vulnerable to Local File Inclusion via the item parameter, enabling inclusion of local files and potential command execution. Exploitation details appear in zdt/packetstorm references; mitigation implied by upgrading to v5.2 ...
CVE-2016-5952
CVE-2016-5952 affects IBM Kenexa LCMS Premier on Cloud, with a SQL injection flaw that could let an attacker view, add, modify, or delete data in the back-end DB. The IBM Security Bulletin (LCMS Premier on Cloud 10.1) lists affected versions 9.0 through 10.0 and states the issue has been addresse...
Thomson Reuters FATCA Local File Inclusion
Title: Thomson Reuters FATCA - Local File Inclusion
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5952

Affected software:
==================
All versions of Thomson Reuters FATCA below v5.2

Exploit was tested on:
======================
Thomson Reuters FATCA v5.1.0.30

Description:...
CVE-2013-5952
CVE-2013-5952 affects the Freichat (com_freichat) Joomla! component (likely 9.4 and earlier). The vulnerability is multiple XSS flaws triggered via user-supplied input: id or xhash parameters to client/chat.php, or toname parameter to client/plugins/upload/upload.php. Root cause: input not proper...
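Joomla! FreiChat component "id" cross-site scripting vulnerability
CVE ID: CVE-2013-5952. Joomla! is a content management system. Because input passed to client/chat.php via the "id" GET parameter is not properly filtered before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. FreiChat 9.x component for Joomla! No detailed solution is currently available: http://www.joomla.org...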
CVE-2012-5952
CVE-2012-5952 affects IBM WebSphere Message Broker: 6.1 prior to 6.1.0.12, 7.0 prior to 7.0.0.6, and 8.0 prior to 8.0.0.2. The issue is that basic authentication credentials are not validated before proceeding to WS-Addressing and WS-Security operations, which can allow remote attackers to trigge...
CVE-2008-5952
creationtimestamp | type | source
---|---|---
2008-11-30 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/7305...
CVE-2007-5952
The vulnerability CVE-2007-5952 targets Helios Calendar 1.2.1 Beta, affecting the admin/index.php component. It is a Cross-site Scripting (XSS) flaw that allows an attacker to inject arbitrary script or HTML through the username parameter. The root cause is unvalidated input in the username field...