11 matches found
SUSE CVE-2021-1234
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...
CVE-2021-1234
creationtimestamp| type| source ---|---|--- 2024-11-18 15:52:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113504757865674846 2025-04-10 03:33:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmgkzglhv22h 2025-09-01 17:58:46+00:00| seen|...
CVE-2021-1234
Affected product/edition: Cisco SD-WAN vManage Software (cluster mode)\nVulnerability summary: In the cluster management interface, there is an absence of authentication for sensitive information, allowing an unauthenticated, remote attacker to view sensitive data by sending a crafted request.\nR...
Integer overflow
In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...
Unsafe deserialisation in the PKI implementation scheme of NVFlare
Impact NVFLARE contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact...
Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload
The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...
YCCMS file upload vulnerability
Yccms is a Php-based lightweight CMS builder from the Yccms team. yccms 3.3 has a file upload vulnerability, which stems from an error in the xhUp function's determination of request parameters and can be exploited by attackers to cause remote code execution...
x.emailuk.thewhitecompany.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-1132103 Security Researcher gazcbm Helped patch 0 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting x.emailuk.thewhitecompany.com website and its users. Following coordinated and responsible vulnerability disclosure...
trick.sextgem.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1127203 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting trick.sextgem.com website...
PMS 0.42 - Local Stack-Based Overflow (ROP)
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while reading the configuration file and parsing the malicious...
BroadWin WebAccess SCADA/HMI Client Remote Code Execution
No description provided by source. html bBroadWin WebAccess SCADA/HMI Remote Code Execution Vulnerability 0day/bbrbr WebAccess is the first fully web browser-based software package forbr human-machine interfaces HMI, and supervisory control and databr acquisition SCADA. bwocxrun.ocx ActiveX...