3642 matches found
UBUNTU-CVE-2024-7867
In Xpdf 4.05 and earlier, very large coordinates in a page box can cause an integer overflow and divide-by-zero...
CVE-2024-7867 Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates
In Xpdf 4.05 and earlier, very large coordinates in a page box can cause an integer overflow and divide-by-zero...
PT-2024-38644
Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier. Description: The issue arises when very large coordinates in a page box cause an integer overflow and divide-by-zero. Recommendations: For Xpdf versions 4.05 and earlier, at the moment, there is no information abou...
CVE-2024-40892
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the...
CVE-2024-40892 Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the...
CVE-2024-40892
CVE-2024-40892 affects Firewalla Box software versions prior to 1.979. A physically proximate attacker can leverage the license UUID to authenticate and provision SSH credentials over BTLE, then log in via SSH once the attacker gains LAN access. License UUID can be obtained by plain-text Bluetoot...
WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Meta Box – WordPress Custom Fields Framework (versions <= 5.9.10)...
WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.10 is vulnerable to Broken Access Control
Software: Meta Box – WordPress Custom Fields Framework; Type: Plugin; Vulnerable versions: <= 5.9.10; Fixed in: 5.9.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43235; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 05cac2b9959a; Credit...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an access privilege vulnerability in the system share box module...
CVE-2024-7204
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
box-123.com Cross Site Scripting vulnerability OBB-3949516
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2024-7632 Malicious code in sap-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 86709b300e2374d5bb16f8f492ae06e7d41fc92ca711bb29118742ea23c6acec The OpenSSF Package Analysis project identified 'sap-box' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in sap-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 86709b300e2374d5bb16f8f492ae06e7d41fc92ca711bb29118742ea23c6acec The OpenSSF Package Analysis project identified 'sap-box' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicat...
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available here. Motivation ...
WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Popup box (versions <= 4.5.1)...
WordPress Popup box Plugin <= 4.5.1 is vulnerable to Broken Access Control
Software: Popup box; Type: Plugin; Vulnerable versions: <= 4.5.1; Fixed in: 4.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37096; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: aaf62ab75160; Credits: Abdi Pranata; Required privile...
CVE-2023-40004
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box...
CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box...