5111 matches found
CVE-2024-11353
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletemessage function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-11353
CVE-2024-11353 affects the WordPress plugin SMS for Lead Capture Forms (ClickSend Lead Capture Form). The vulnerability is a missing capability check in the delete_message() function across all versions up to 1.1.0, allowing authenticated attackers with Subscriber+ privileges to perform unauthori...
WordPress plugin SMS for Lead Capture Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...
Wyse Management Suite Authentication Bypass Vulnerability
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An authentication bypass vulnerability exists in Wyse Management Suite, which stems from a vulnerability that includes...
UBUNTU-CVE-2024-53104
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...
[SECURITY] Fedora 41 Update: wireshark-4.4.2-1.fc41
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
The vulnerability of the capture_packages function in multifunctional wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a intruder to execute arbitrary commands.
The vulnerability of the capturepackages function in multifunctional wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO is related to the lack of measures to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute...
CVE-2024-50374
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...
CVE-2024-50374
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...
CVE-2024-49595
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-49595
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-49595
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-49595
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-49595
CVE-2024-49595 affects Dell Wyse Management Suite (WMS) 4.4 and earlier, due to an Authentication Bypass by Capture‑Replay. The public documents show that a remote, high-privilege attacker could exploit this to cause a Denial of Service. Connected sources corroborate related issues in the same pr...
Dell Wyse Management Suite 安全漏洞
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An authentication bypass vulnerability exists in Wyse Management Suite, which stems from a vulnerability that includes...
The vulnerability of the FiveCo RAP traffic analyzer of Wireshark allows a hacker to cause a service failure.
The vulnerability of the FiveCo RAP traffic analyzer of Wireshark relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow attackers to cause service failures by injecting specially crafted packets or capture files...
SUSE CVE-2024-11595
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file...
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
CVE-2024-11596
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file...