46 matches found
CVE-2025-6399 TOTOLINK X15 HTTP POST Request formIPv6Addr buffer overflow
A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
CVE-2025-32753
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, informati...
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Jun 2025)
Microsoft Edge Chromium-Based is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2025-23872 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical issue was found in the function setipsec config of the file /goform/setipsec config. The manipulation of the arguments localIP and remoteIP leads to os command injection. It is possible...
CVE-2023-32635
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...
CVE-2020-1790
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands...
CVE-2018-19159
lux through 5.2.2 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...
KLA82445 PE vulnerability in Microsoft Windows
An elevation of privilege vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-27732 Related products Microsoft-Windows Microsoft-Windows-Server Microsoft-Windows-10 Microsoft-Windows-Server-2016...
Google gVisor elevation of privilege vulnerability (CNVD-2025-07534)
Google gVisor is a container sandboxing technology developed by Google to provide greater isolation and security for containers. An elevation of privilege vulnerability exists in Google gVisor, which can be exploited by an attacker to access restricted files...
vBulletin 4.5 Add Administrator
vBulletin version 4.5 proof of concept add administrator exploit that leverages a vulnerability from 2013. ============================================================================================================================================= | Title : vBulletin 4.5 create new administrator...
CVE-2025-21507
...
CISA: STS Threat Timelines Read-Ahead
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...
CVE-2024-43235
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...
CVE-2024-32925
In dhdprottxstatusprocess of dhdmsgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2022-3607 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the fixed version Description: The issue is related to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This can be exploited if the victim has specific dependencies on a Windows...
Free-MP3-CD-Ripper-1.1
Exploit Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow Software : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version : 1.1 Tested on : Windows xp sp3 en Date : 27/08/2011 Author : X-h4ck Website : http://www.pirate.al , http://theflashcrew.blogspot.com Email : [email protected]...
Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
This host is missing an important security update according to Microsoft Bulletin MS14-026. OpenVAS Vulnerability Test $Id: gbms14-026.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Privilege Elevation Vulnerability 2958732 Authors: Antu Sanadi Copyright: Copyright C 2014 Greenbone...
Wifi Album 1.47 iOS - Command Injection
Title: ====== Wifi Album v1.47 iOS - Command Injection Vulnerability Date: ===== 2013-04-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=935 VL-ID: ===== 935 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ============= WiF...
paNews v2.0b4 - PHP Injection
oooo oooo oooooooo8 ooooooooooo 8888o 88 888 88 888 88 88 888o88 888oooooo 888 88 8888 888 888 o88o 88 o88oooo888 o888o Network security team nst.e-nex.com Title: paNews v2.0b4 Bug found by: тёмыч Date: 20.02.2005 web: http://www.phparena.net/panews.php google: allintitle:paNews v2.0b4 PHP...
IBM DB2 Windows Permission Problems (#NISR05012005F)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 Windows Permission Problems Systems Affected: DB2 8.1 Severity: High risk from local Vendor URL: http://www.ibm.com/ Author: Chris Anley chris at ngssoftware.com Relates to: http://www.ngssoftware.com/advisories/db2-02.txt Date of Publi...