65 matches found
CVE-2025-13654 CVE-2025-13654
A stack buffer overflow vulnerability exists in the bufferget function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read...
Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read
Overview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can cause the tool to either crash or cause it to disclose portions of memor...
EUVD-2023-29443
Malicious code in bioql PyPI...
WordPress Tripetto plugin <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability discovered by Duc Manh in WordPress Plugin WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto versions = 8.0.9...
CVE-2024-40457
No-IP Dynamic Update Client DUC v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior...
CVE-2024-40457
CVE-2024-40457 concerns No-IP Dynamic Update Client (DUC) v3.x, where credentials may be exposed in cleartext on the command line or in a file. The description notes that the vendor explicitly recommends cleartext in /etc/default/noip-duc, which is presented as intentional behavior. The vulnerabi...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...
duc-helices.com Cross Site Scripting vulnerability OBB-3864466
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
duc-de-vendome.fr Cross Site Scripting vulnerability OBB-3850425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...
CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...
CVE-2023-25488
CVE-2023-25488 applies to the WordPress plugin WP Default Feature Image . The connected sources describe a Stored Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 1.0.1.1 . The root cause is an input/processing flaw in the plugin’s default feature image handling ...
PT-2023-20106 · WordPress · Duc Bui Quang Wp Default Feature Image
Name of the Vulnerable Software and Affected Versions: Duc Bui Quang WP Default Feature Image plugin versions 1.0.1.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects th...
WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability found by Nguyen The Duc in WordPress versions = 5.3. Solution Update WordPress to the latest available version at least 5.3.1...
Debian DSA-4172-1 : perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow...
NO-IP DUC v4.1.1 Unquoted Service Path Privilege Escalation Exploit
Exploit Title : NO-IPprivilegescalation.rb - 'Unquoted Service Path Privilege Escalation' PDF Version : 4.1.1 vuln Discover : Ehsan Hosseini Module Author : pedr0 Ubuntu r00t-3xp10it Tested on : Windows 7 Professional Software Link : http://www.noip.com/client/DUCSetupv411.exe DESCRIPTION NO-IP D...
NO-IP DUC 4.1.1 DLL Hijacking
===================================================== NO-IP DUC v4.1.1 - DLL Hijacking ===================================================== Vendor Homepage: http://noip.com Date: 20 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1 Author: Ashiyane Digital...
NO-IP DUC 4.1.1 Privilege Escalation
===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1...
NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits ===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link :...