47 matches found
CVE-2026-7413 Persistent undocumented backdoor access in Yarbo robot
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated or weakly authenticated access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates...
CVE-2026-7413
creationtimestamp| type| source ---|---|--- 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7413/ 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7414/ 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7415/ 2026-05-07 19:36:35+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2017-7413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde...
Linux Distros Unpatched Vulnerability : CVE-2016-7413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the wddxstackdestroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a...
CVE-2024-7413 Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...
CVE-2024-7413 Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...
CVE-2024-7413
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to 3.8.1 due to allow direct access to bootstrap.php with display_errors enabled. This enables unauthenticated information exposure (full path) that can assist other vulnerabilities; no exploit detai...
WordPress Obfuscate Email Plugin <= 3.8.1 is vulnerable to Sensitive Data Exposure
Software Obfuscate Email Type Plugin Vulnerable versions = 3.8.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7413 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 734768c02b8e Credits stealthcopter Required...
Horde Groupware Command Injection (CVE-2017-7413)
A command injection vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Slackware: Security Advisory (SSA:2016-267-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2016-0319)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2477-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2459-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2477-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2043)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1865)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-7413
In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...
CVE-2019-7413
CVE-2019-7413 concerns the WordPress plugin “Parallax Scroll” (adamrob-parallax-scroll). All documented sources indicate the vulnerability is a cross-site scripting (XSS) flaw in the shortcode handling: the file includes/adamrob-parralax-shortcode.php allows XSS via the title text, with a noted f...
PHP 7.0.x < 7.0.11 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....
[SECURITY] [DLA 1398-1] php-horde-crypt security update
Package : php-horde-crypt Version : 2.5.0-5+deb8u1 CVE ID : CVE-2017-7413 CVE-2017-7414 Debian Bug : 859635 It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an...