58 matches found
CVE-2018-6926
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems where rh_shell_fix was enabled, and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by th...
MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities.
CVE-2025-6926
Improper Authentication vulnerability in Wikimedia Foundation MediaWiki - CentralAuth Extension allows authentication bypass. This issue affects MediaWiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2...
CVE-2025-6926 Security Authentication Bypass in CentralAuth
Improper Authentication vulnerability in Wikimedia Foundation MediaWiki - CentralAuth Extension allows authentication bypass. This issue affects MediaWiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2...
CVE-2025-6926
CVE-2025-6926 affects MediaWiki with the CentralAuth extension, where an improper authentication flow permits bypassing login restrictions. Affected ranges (as stated) include CentralAuth before 1.39.13, before 1.42.7, and before 1.43.2. Debian/LTS advisories also list this CVE among others in me...
CVE-2006-6926
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress Viral Signup Plugin <= 2.1 is vulnerable to SQL Injection
Software: Viral Signup; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6926; Patch priority: High; CVSS severity: High (9.3); PSID: bccf241bb1d7; Credits: Project Black; Required privilege: Unauthenticated...
Ubuntu: Security Advisory (USN-6926-2)
The remote host is missing an update for the...
CGA-9QFH-6926-6GRF
Bulletin has no description...
CGA-93FG-W3GC-6926
Bulletin has no description...
CVE-2023-6926 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Crestron AM-300
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access...
CVE-2023-6926
CVE-2023-6926 concerns an OS command injection in Crestron AM-300 firmware version 1.4499.00018. A limited-access user over SSH could escalate privileges to root. Affected product: Crestron AM-300 (firmware 1.4499.00018). Reported CVSS/metrics indicate high impact with local, low-privilege, non-u...
CVE-2020-6926
HP Device Manager contains CVE-2020-6926: an unauthenticated RMI vulnerability that enables remote access to resources and, via an RMI call, can inject HQL that executes SQL on the bundled PostgreSQL database. Affected products/versions include HP Device Manager 4.x before 4.7 SP13 and 5.x before...
HP Device Manager Unauthenticated 'HPDM Server RMI' SQLi (CVE-2020-6926) (remote)
Binary data hpdevicemanagerrmiunauthenticated.nbin...
CVE-2020-6926
creationtimestamp | type | source
---|---|---
2020-10-06 17:36:53+00:00 | seen | https://t.me/canyoupwnme/6641
2020-10-08 11:11:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1878
...