WSO2 User Registration - Arbitrary Account Creation
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings.
id: CVE-2024-7097
info:
  name: WSO2 User Registration - Arbitrary Account Creation
  author: iamnoooob,rootxharsh,pdresearch...
CVE-2026-7097
creationtimestamp | type | source
---|---|---
2026-05-27 16:07:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmtvavp63q2h...
CVE-2026-7097
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been...
CVE-2026-7097 Tenda F456 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003486)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003486 advisory. The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allow...
MAL-2025-7097 Malicious code in @augloop/types-core (npm)
The package @augloop/types-core was found to contain malicious code...
CVE-2025-7097 Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection
A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to os command...
CVE-2025-7097
creationtimestamp | type | source
---|---|---
2025-07-05 15:48:07+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114801408959718148
2025-07-07 01:20:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ltdmmmavla2p...
CVE-2024-7097
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...
CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...
CVE-2006-7097
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors...
Linux Distros Unpatched Vulnerability : CVE-2016-7097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileg...
VulnCheck KEV: CVE-2024-7097
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings...
CVE-2024-7097
creationtimestamp | type | source
---|---|---
2025-01-15 12:42:27+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-7097.yaml
2025-01-19 21:02:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lg4pub2zlq2x
2025-02-02...
Adobe Dreamweaver 18.0.0 < 18.2.1 / 19.0 < 19.1 Sensitive data disclosure if SMB request is subject to a relay attack (APSB19-21) (macOS)
The version of Adobe Dreamweaver installed on the remote macOS host is prior to 18.2.1, 19.1. It is, therefore, affected by a vulnerability as referenced in the APSB19-21 advisory. - Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful...
CVE-2023-7097
The CVE-2023-7097 entry concerns code-projects Water Billing System 1.0, with a vulnerability in the /addbill.php file. The underlying flaw is SQL injection triggered by manipulating the owners_id parameter, enabling remote exploitation. Multiple connected sources confirm the issue, its remote ex...
CVE-2023-7097 code-projects Water Billing System addbill.php sql injection
A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...
Debian: Security Advisory (DLA-772-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K31603170: Linux kernel vulnerability CVE-2016-7097
Security Advisory Description: The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097...