Lucene search
+L

65 matches found

OSV
OSV
added 2025/12/05 12:42 p.m.5 views

CVE-2025-13654 CVE-2025-13654

A stack buffer overflow vulnerability exists in the bufferget function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read...

7.5CVSS7.5AI score0.00851EPSS
Exploits1References7
CERT
CERT
added 2025/12/05 12:0 a.m.7 views

Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read

Overview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can cause the tool to either crash or cause it to disclose portions of memor...

7.5CVSS7.9AI score0.00851EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-29443

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00439EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/03/17 10:19 a.m.4 views

WordPress Tripetto plugin <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability discovered by Duc Manh in WordPress Plugin WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto versions = 8.0.9...

4.3CVSS8.7AI score0.00179EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/09/12 2:16 p.m.12 views

CVE-2024-40457

No-IP Dynamic Update Client DUC v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior...

9.1CVSS0.00653EPSS
Exploits0References3
CVE
CVE
added 2024/09/12 12:0 a.m.45 views

CVE-2024-40457

CVE-2024-40457 concerns No-IP Dynamic Update Client (DUC) v3.x, where credentials may be exposed in cleartext on the command line or in a file. The description notes that the vendor explicitly recommends cleartext in /etc/default/noip-duc, which is presented as intentional behavior. The vulnerabi...

9.1CVSS7.3AI score0.00653EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/15 9:11 a.m.10 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...

4.3CVSS7AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/15 9:11 a.m.8 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...

4.3CVSS7AI score0.00267EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2024/03/04 7:35 a.m.11 views

duc-helices.com Cross Site Scripting vulnerability OBB-3864466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/07 9:51 p.m.9 views

duc-de-vendome.fr Cross Site Scripting vulnerability OBB-3850425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2023/09/01 10:54 a.m.44 views

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.5AI score0.00439EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/01 10:54 a.m.10 views

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.4AI score0.00439EPSS
Exploits1References1
CVE
CVE
added 2023/09/01 10:54 a.m.63 views

CVE-2023-25488

CVE-2023-25488 applies to the WordPress plugin WP Default Feature Image . The connected sources describe a Stored Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 1.0.1.1 . The root cause is an input/processing flaw in the plugin’s default feature image handling ...

5.9CVSS4.9AI score0.00439EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/01 12:0 a.m.10 views

PT-2023-20106 · WordPress · Duc Bui Quang Wp Default Feature Image

Name of the Vulnerable Software and Affected Versions: Duc Bui Quang WP Default Feature Image plugin versions 1.0.1.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects th...

5.9CVSS5.2AI score0.00439EPSS
Exploits1References4
Patchstack
Patchstack
added 2019/12/13 12:0 a.m.13 views

WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by Nguyen The Duc in WordPress versions = 5.3. Solution Update WordPress to the latest available version at least 5.3.1...

1.2AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/04/16 12:0 a.m.35 views

Debian DSA-4172-1 : perl - security update

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow...

9.8CVSS7.1AI score0.10866EPSS
Exploits0References11
0day.today
0day.today
added 2016/10/28 12:0 a.m.74 views

NO-IP DUC v4.1.1 Unquoted Service Path Privilege Escalation Exploit

Exploit Title : NO-IPprivilegescalation.rb - 'Unquoted Service Path Privilege Escalation' PDF Version : 4.1.1 vuln Discover : Ehsan Hosseini Module Author : pedr0 Ubuntu r00t-3xp10it Tested on : Windows 7 Professional Software Link : http://www.noip.com/client/DUCSetupv411.exe DESCRIPTION NO-IP D...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/10/20 12:0 a.m.29 views

NO-IP DUC 4.1.1 DLL Hijacking

===================================================== NO-IP DUC v4.1.1 - DLL Hijacking ===================================================== Vendor Homepage: http://noip.com Date: 20 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1 Author: Ashiyane Digital...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/10/14 12:0 a.m.44 views

NO-IP DUC 4.1.1 Privilege Escalation

===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1...

0.1AI score
Exploits0
0day.today
0day.today
added 2016/10/14 12:0 a.m.30 views

NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation

Exploit for windows platform in category local exploits ===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link :...

6.8AI score
Exploits0
Rows per page
Query Builder