658 matches found
PT-2024-24005 · Unknown · Benchmark Email Lite
Name of the Vulnerable Software and Affected Versions: Benchmark Email Lite versions n/a through 4.1. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, which can be exploited to perform unintended actions on behalf of the user. Recommendations: For versions n/a through 4.1...
WordPress Hosting Benchmark tool plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin WordPress Hosting Benchmark tool (versions <= 1.3.6)...
WordPress WordPress Hosting Benchmark tool Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WordPress Hosting Benchmark tool | Type: Plugin | Vulnerable versions: <= 1.3.6 | Fixed in: 1.3.7 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-31922 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: a2d0e78718f9 | Credits...
WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Benchmark Email Lite (versions <= 4.1)...
WordPress Benchmark Email Lite Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Benchmark Email Lite | Type: Plugin | Vulnerable versions: <= 4.1 | Fixed in: 4.2 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-31360 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 854801e675e4 | Credits: Joshua Chan | Requir...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
SUSE CVE-2024-27508
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c...
CVE-2024-27508
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c...
Memory corruption
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c...
PT-2024-21923 · Atheme · Atheme
Name of the Vulnerable Software and Affected Versions: Atheme version 7.2.12 Description: The issue is a memory leak vulnerability located in the /atheme/src/crypto-benchmark/main.c file. Recommendations: For Atheme version 7.2.12, consider restricting access to the vulnerable file...
Atheme Security Breach
Atheme is a set of IRC services open-sourced by Atheme. A security vulnerability exists in Atheme version 7.2.12, which stems from a memory leak contained in /atheme/src/crypto-benchmark/main.c. The vulnerability is caused by a memory leak in /atheme/src/crypto-benchmark/main.c, which contains a...
Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url-encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity (SRI) checks being performed...
Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performance and stability while consuming fewer resources than similar tools (see the benchmark below). For the building instructions, usa...
CLSA-2023-1698945053 libgcrypt: Fix of 4 CVEs
- CVE-2013-4576: Normalize the MPIs to prevent possible side-channel attacks
- CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent possible side-channel attacks
- CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal prevent generation of weak keys
- CVE-2021-40528: Add exponent...
GHSA-9V66-9239-CQV2 Jeecg-boot SQL Injection vulnerability
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PGSleep, DBMSLock.Sleep, Waitfor, DECODE, and DBMSPIPE.RECEIVEMESSAGE functions...
Jeecg-boot SQL Injection vulnerability
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PGSleep, DBMSLock.Sleep, Waitfor, DECODE, and DBMSPIPE.RECEIVEMESSAGE functions...