📄 Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse version 3.6.0.4 remote code execution proof of concept exploit written in php that takes advantage of an older flaw from 2022. ============================================================================================================================================= | Title : Mobil...

CVE-2025-9099

The CVE-2025-9099 entry concerns Acrel Environmental Monitoring Cloud Platform up to 20250804. The vulnerability resides in the NewsManage/UploadNewsImg interface, where manipulating the File parameter enables unrestricted file uploads and remote exploitation. Public disclosure of the exploit is ...

CVE-2020-9099

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...

CVE-2014-9099

Cross-site request forgery CSRF vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydoworkadsense page in wp-admin/options-general.php...

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions (e.g., Viewers, Prompt Editors). This is a data disclosure vulnerability that could let an attacker retrieve sensitive credentials and ac...

CVE-2024-9099 Exposure of Private API Keys in lunary-ai/lunary

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

Linux Distros Unpatched Vulnerability : CVE-2015-9099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via...

Ubuntu 16.04 ESM : LAME vulnerabilities (USN-4780-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4780-1 advisory. It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. Eight...

Ubuntu: Security Advisory (USN-4780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4780-1: LAME vulnerabilities

It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. Eight vulnerabilities CVE-2015-9099, CVE-2015-9100, CVE-2015-9101, CVE-2017-15018, CVE-2017-11720, CVE-2017-8419, CVE-2017-9412, CVE-2017-15045 only...

CVE-2019-9099

Summary: CVE-2019-9099 affects Moxa MGate MB3170/MB3270 (before 4.1), MB3280/MB3480 (before 3.1), MB3660 (before 2.3), and MB3180 (before 2.1) where a buffer overflow in the built‑in web server can cause a remote DoS and may allow arbitrary code execution . The root cause is a stack‑based overflo...

Fedora 27 : lame (2017-2e2dc86bc6)

Update to 3.100 1470202, 1505107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...

SA155: Multiple ASG and ProxySG Vulnerabilities

SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to multiple vulnerabilities. A remote attacker can, under certain circumstances, obtain sensitive authentication credential information, redirect target users to malicious sites, and inject arbitrary JavaScript code into the...

Fedora 25 : lame (2017-38830f1443)

Update to 3.100 1470202, 1505107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...

Fedora 26 : lame (2017-9c29af2c64)

Update to 3.100 1470202, 1505107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...

CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...

CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...