5655 matches found
Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-site Scripting (CVE-2014-3313)
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. This plugin only works with Tenable.ot. Please visit...
CVE-2024-49420
CVE-2024-49420 affects Samsung Gaming Hub. The issue is improper handling of responses in Gaming Hub prior to 6.1.04.6 (Korea) and 7.1.03.7 (Global), enabling remote attackers to launch arbitrary activity. Root cause: mishandling of responses in the Gaming Hub application. Impact: remote code/act...
CVE-2024-49420
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity...
PT-2024-33531 · Gaminghub · Gaminghub
Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.04.6 in Korea; GamingHub versions prior to 7.1.03.7 in Global. Description: The issue is related to the improper handling of responses in GamingHub, allowing remote attackers to launch arbitrary activity...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerabilities (USN-7132-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7132-1 advisory. It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this...
CVE-2024-11959
CVE-2024-11959 affects D-Link DIR-605L (firmware 2.13B01). The vulnerability lies in the function formResetStatistic within /goform/formResetStatistic; manipulating the curTime parameter leads to a buffer overflow. PT-2024-8960 and related sources indicate this can be exploited remotely and may e...
PT-2024-17129 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.11; Mattermost versions 9.11.x through 9.11.3; Mattermost versions 10.0.x through 10.0.1; Mattermost versions 10.1.x through 10.1.1. Description: The issue is related to the improper validation of email...
AmberWolf Launches NachoVPN Tool to Tackle VPN Security Risks
Researchers reveal major vulnerabilities in popular corporate VPN clients, allowing remote attacks. Discover the NachoVPN tool and expert…...
PT-2024-8793 · Vmware · Vmware Aria Operations
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations, affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject malicious...
PT-2024-38656 · Special Minds Design · E-Commerce
Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2024-39622 · WordPress · Gmw-Premium-Settings +1
Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5; gmw-premium-settings WordPress plugin versions prior to 3.1. Description: The issue is related to insufficient validation of files to be uploaded, which could allow attackers to upload arbitrary...
ROS-20241121-05
The vulnerability in the Moodle virtual learning environment is related to issues with controlling the visibility of user information in gradebook reports. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
PT-2024-35231 · Unknown · Podlove Podcast Publisher
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions through 4.1.15. Description: The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. This vulnerability allows for remote attacks due to flaws in the...
CVE-2024-11020
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-11020
CVE-2024-11020 affects Grand Vice info Webopac (Webopac from Grand Vice info). The vulnerability is a SQL Injection in the Webopac web interface that allows an unauthenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Several sources corrobora...
CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-11016
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-11016 Grand Vice info Webopac - SQL Injection
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-11016
CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The reported CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no...