12 matches found
CVE-2025-67513
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6-digit numeric value, which can be brute-forced. This is the apppassword parameter. Depending on local...
EUVD-2011-1137
Malware in sbrugna...
EUVD-2013-4985
Malware in sbrugna...
GeoServer Missing Authorization on REST API Index
Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles rest and its subpaths but not rest with an extension, e.g., rest.html. Impact: The REST API index can disclose whether certain extensions are installed. Workaround: In...
CVE-2024-44019
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67...
PT-2024-39182 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2 Description: A remote code execution vulnerability exists via crafted extension description or changelog, which could be exploited by a malicious extension. Recommendations: For Docker Desktop versions...
CVE-2024-24751 Broken Access Control in Backend Module in sf_event_mgt
sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
A vulnerability in the implementation of Google Chrome's browser extension programming interface allows an attacker to circumvent security restrictions.
The vulnerability in Google Chrome's extensions application programming interface is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by downloading specially created extensions...
SUSE CVE-2020-16027
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension...
CVE-2017-16130
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 641101 High CVE-2016-5170: Use after free in Blink. Credit to Anonymous 643357 High CVE-2016-5171: Use after free in Blink. Credit to Anonymous 616386 Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to...
php: FastCGI module DoS via multiple dots preceding the extension
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service crash via a request with multiple dots preceding the extension, as demonstrated using foo..php...