26 matches found
CVE-2025-9306
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely...
CVE-2025-9306 SourceCodester Advanced School Management System addNotice cross site scripting
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely...
CVE-2025-9306 SourceCodester Advanced School Management System addNotice cross site scripting
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely...
CVE-2019-9306
In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348...
CVE-2020-9306
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...
Oracle Linux 9 : httpd (ELSA-2024-9306)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9306 advisory. - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix - Resolves: RHEL-31856 - httpd: HTTP response splitting CVE-2023-38709 - Resolves:...
CVE-2024-9306
creationtimestamp| type| source ---|---|--- 2024-10-04 10:10:54+00:00| seen| https://t.me/cvedetector/6966...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9306)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9306 advisory. - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds...
CVE-2020-9306
creationtimestamp| type| source ---|---|--- 2021-02-18 02:49:27+00:00| seen| https://t.me/cibsecurity/23788 2021-02-19 12:11:34+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2735...
CVE-2020-9306
CVE-2020-9306 affects Digi ConnectPort X2e devices (SolarCity/Tesla branding) with hardcoded credentials stored in a .pyc-compiled file used at boot. FireEye analysis shows password_manager.pyc in /WEB/python/ contains five plaintext credentials for the python system user, enabling web and SSH ac...
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device referred to throughout as X2e device. In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e...
CVE-2019-9306
In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348...
CVE-2019-9306
CVE-2019-9306 affects Android 10 Media Framework, specifically the libMpegTPDec component, where an out-of-bounds write caused by an integer overflow could enable remote code execution with user interaction. The issue is documented across multiple sources (NVD/Red Hat/PRION) with the Android bull...
CVE-2015-9306
creationtimestamp| type| source ---|---|--- 2019-08-12 18:28:28+00:00| seen| https://t.me/cibsecurity/6061...
CVE-2015-9306
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...
CVE-2015-9306
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...
CVE-2015-9306
The CVE-2015-9306 entry concerns the WordPress plugin wp-ultimate-csv-importer; versions prior to 3.8.1 are affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate validation of client-side data. Impact is XSS execution within the context of the user’s browser; ex...
CVE-2018-9306
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2018-9306
CVE-2018-9306 is a rejected/reserved candidate and does not represent an active vulnerability entry.
CVE-2018-9306
...