Siemens (CVE-2021-37732)
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...
Siemens SCALANCE W1750D Command Injection (CVE-2021-25150)
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aru...
Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2018-7064)
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session...
Siemens SCALANCE W1750D Command Injection (CVE-2020-24636)
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...
Siemens SCALANCE W1750D Exposure of Sensitive Information to an Unauthorized Actor (CVE-2018-7083)
If a process running within Aruba Instant crashes, it may leave behind a core dump, which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface...
Siemens SCALANCE W1750D Command Injection (CVE-2021-25146)
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...
Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25155)
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
Siemens SCALANCE W1750D Command Injection (CVE-2021-37727)
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) versions: 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3...
Siemens SCALANCE W1750D Command Injection (CVE-2018-7084)
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete...
Upgraded Q -> 3 from #197 [1678982150949]
Judge has assessed an item in Issue 197 as 3 risk. The relevant finding follows: L-02 Instant reward calculation
WordPress Instant Images Plugin <= 5.1.0.2 is vulnerable to Server Side Request Forgery (SSRF)
Software: Instant Images; Type: Plugin; Vulnerable versions: <= 5.1.0.2; Fixed in: 5.2.0; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-27451; Patch priority: Medium; CVSS severity: Medium (7.2); PSID: 7950e8634dee; Credits: Universe; Required...
Instant Images < 5.2.0 - Author+ SSRF
The plugin does not validate a parameter before making a request to it, which could allow users with Author role and above to perform SSRF attack...
The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.
The vulnerability of Adobe Connect’s instant messaging program is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
CVE-2022-39983
File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code...
Instant Developer RD3 Framework Code Issue Vulnerability
Instant Developer RD3 Framework is a framework from Instant Developer, Inc. A code issue vulnerability exists in Instant Developer RD3 Framework version 22.0.8500, which stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
SUSE CVE-2005-0472
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ...
SUSE CVE-2005-1261
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL...
SUSE CVE-2005-2102
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters...
SUSE CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly...
SUSE CVE-2010-0423
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat...