Linux Distros Unpatched Vulnerability : CVE-2026-45932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx or netkit devices could be execute...
CVE-2025-14573
Mattermost advisory MMSA-2025-00561 describes a vulnerability in Mattermost versions 10.11.x ≤ 10.11.9 where invite permissions are not enforced when updating team settings. This allows team administrators lacking proper permissions to bypass restrictions and add users to their team via API reque...
Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...
EUVD-2018-4621
Malware in sbrugna...
EUVD-2020-11575
Malware in sbrugna...
EUVD-2019-7530
Malware in sbrugna...
F5 F5OS Security Vulnerability
F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 devices to support its application delivery control and security features. A security vulnerability exists in F5 F5OS that stems from an administrator being able to bypass device mode restrictions...
CVE-2024-4157
CVE-2024-4157 covers a PHP Object Injection vulnerability in the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” All versions up to and including 5.1.15 are affected via deserialization in the extractDynamicValues function. Exploitation re...
Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additiona...
WordPress Plugin Brizy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Veritas Technologies Veritas NetBackup Security Vulnerability
Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in the Veritas NetBackup Appliance prior to version 4.1.0.1 MR3, which stems from an insecure privilege setting that could allow an...
CVE-2022-3394
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting username form...
Design/Logic Flaw
Niushop B2B2C Multi-business basic version V1.11 allows an attacker to bypass the administrator check and reach the background upload interface, then upload a PHP file via a parameter, bypassing the getimagesize function, to get a shell...
Trend Micro OfficeScan Unauthorized Change Prevention Bypass Vulnerability
Trend Micro OfficeScan is a suite of distributed anti-virus software from Trend Micro. A security vulnerability exists in Trend Micro OfficeScan version 11.0 SP1 and XG. An attacker with administrator privileges could exploit this vulnerability to bypass security protections that prevent...
Hardcoded credentials
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage...
Moodle Design Vulnerability (CNVD-2016-03325)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A design vulnerability exists in Moodle. An attacker can exploit the vulnerability to...
Design/Logic Flaw
Report Builder in IBM Jazz Reporting Service JRS 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors...
Microsoft Windows NtApphelpCacheControl Improper Authorization Check
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' class Metasploit3 'Microsoft Windows NtApphelpCacheControl Improper Authorization Check',...
Vanilla Forums 2.0.18.4 Tagging Stored Cross Site Scripting
Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post your XSS as tag. I used alert'xss' You will have to use a proxy /...