PT-2025-3242 · Tips Tricks Hq · Compact Wp Audio Player

Name of the Vulnerable Software and Affected Versions: Tips and Tricks HQ Compact WP Audio Player versions 1.9.14 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability that allows Server Side Request Forgery. This means an attacker can potentially trick the server...

WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Compact WP Audio Player versions = 1.9.14...

SUSE CVE-2024-53234

In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta1 lclusters gracefully syzbot reported a WARNING in iomapiterdone: iomapfiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctlfiemap fs/ioctl.c:220 inline Generally, NONHEAD lclusters won't have delta1==0, exce...

WAGO多款产品 安全漏洞

WAGO PFC100 and others are products of WAGO, Germany.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in several WAGO products. The vulnerability originates fro...

WAGO多款产品 路径遍历漏洞

WAGO Edge Controller and others are products of WAGO, Germany.WAGO Edge Controller is an edge controller.WAGO PFC is a compact PLC for modular WAGO-I/O systems.WAGO CC100 0751-9x01 is a compact controller. A path traversal vulnerability exists in various WAGO products, which can be exploited by a...

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...

WordPress Compact WP Audio Player Plugin <= 1.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Compact WP Audio Player Type Plugin Vulnerable versions = 1.9.13 Fixed in 1.9.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10176 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 039bee66f701 Credits theviper17y...

WordPress plugin Compact WP Audio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-6729

The CVE-2023-6729 entry concerns Nokia SR OS routers where a low-privilege user with the "access console" can read or replace the router’s configuration and other files on the CF/SD card via SFTP/SCP, bypassing CLI commands. Affected component: SR OS file system access via remote file transfer fo...

Rockwell Automation Logix Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Compact GuardLogix, CompactLogix, ControlLogix, GuardLogix, 1756-EN4TR Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful...

CVE-2024-6077 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover...

CVE-2024-6077 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover...

Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380, CompactLogix 5480, 1756-EN4 Vulnerability : Improper Input Validation 2. RISK...

Rockwell Automation多款产品 安全漏洞

Rockwell Automation 2800C OptixPanel Compact and others are products of Rockwell Automation, Inc.Rockwell Automation 2800C OptixPanel Compact is a compact operator panel. Rockwell Automation 2800S OptixPanel Standard is a standard operator panel.Rockwell Automation Embedded Edge Compute Module is...

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380 Improper Input Validation (CVE-2024-7515)

A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900...

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

CVE-2024-7515 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller...

CVE-2024-7515 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller...

CVE-2024-7507 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller...

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of...