D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the clients of Zoom and Zoom Rooms. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to system data or cause a denial-of-service. To cause a Denial-of-Service, the malicious party does not need prior...
PT-2023-26945 · Unknown · Rdpngfileupload.Dll +1
Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking system affected versions not specified Description: A vulnerability in RDPngFileUpload.dll allows a remote attacker to upload arbitrary content, such as a web shell component, to the SQL database and execute it wit...
D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
PT-2023-5421 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: The issue is related to a Stored Cross-Site-Scripting XSS vulnerability, which allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative...
PT-2023-5422 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.24 Description: The issue is related to insufficient validation of arguments passed to a command in the lib/snmp.php file, allowing an authenticated privileged user to perform command injection and obtain remote code executi...
PT-2023-29862 · Lg · Lg Led Assistant
Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this issue. The specific flaw...
PT-2023-27316 · Devaldi · Flowpaper Plugin
Name of the Vulnerable Software and Affected Versions: Devaldi Ltd flowpaper plugin versions = 1.9.9 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects the Devaldi Ltd flowpaper plugin. This vulnerability requires authentication and is limited to use...
PT-2023-26494 · Realwebcare · Realwebcare Wrc Pricing Tables
Name of the Vulnerable Software and Affected Versions: Realwebcare WRC Pricing Tables plugin versions prior to 2.3.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects the Realwebcare WRC Pricing Tables plugin. This vulnerability requires...
PT-2023-20095 · WordPress · Yotuwp Video Gallery
Name of the Vulnerable Software and Affected Versions: Yotuwp Video Gallery plugin versions prior to 1.3.13 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Yotuwp Video Gallery plugin...
PT-2023-23994 · Woocommerce · Woocommerce Brands
Name of the Vulnerable Software and Affected Versions: WooCommerce WooCommerce Brands plugin versions = 1.6.45 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...
Adobe ColdFusion copydirectory Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the copydirectory endpoint. The issue results from the lack of proper validation of...
Vulnerabilities fixed in OPNSense
Vulnerabilities have been fixed in OPNSense. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code on the system or gain access to system data. For successful abuse, the malicious party needs prior authentication...
PT-2023-7060 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. The specific flaw exis...
(0Day) (Pwn2Own) Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper...
(0Day) (Pwn2Own) Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate...