Lucene search
K

37 matches found

NVD
NVD
added 2024/10/17 6:15 p.m.27 views

CVE-2024-49299

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer Surfer surferseo allows SQL Injection.This issue affects Surfer: from n/a through = 1.5.0.502...

7.6CVSS0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 5:27 p.m.21 views

CVE-2024-49299 WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502...

7.6CVSS7.7AI score0.0041EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 5:27 p.m.56 views

CVE-2024-49299

CVE-2024-49299 affects the WordPress Surfer plugin up to version 1.5.0.502. It is an SQL injection caused by improper neutralization of special elements in an SQL command. Patchstack/CVE details show a fix in Surfer 1.6.0.523; upgrade to 1.6.0.523 or newer. CVSSv3.1 base score 7.6 (HIGH); attack ...

7.6CVSS5.9AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/17 5:27 p.m.37 views

CVE-2024-49299 WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer Surfer surferseo allows SQL Injection.This issue affects Surfer: from n/a through = 1.5.0.502...

7.6CVSS0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.5 views

WordPress plugin Surfer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.8AI score0.0041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.13 views

PT-2024-33439 · Surfer · Surfer

Name of the Vulnerable Software and Affected Versions: Surfer versions n/a through 1.5.0.502 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

7.6CVSS8AI score0.0041EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/15 12:7 p.m.6 views

WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyễn Trung Kiên Patchstack Alliance in WordPress Plugin Surfer versions = 1.5.0.502...

7.6CVSS8.1AI score0.0041EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.12 views

WordPress Surfer Plugin <= 1.5.0.502 is vulnerable to SQL Injection

Software Surfer Type Plugin Vulnerable versions = 1.5.0.502 Fixed in 1.6.0.523 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49299 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d0e40de8a6d2 Credits Nguyễn Trung Kiên anhchangmutrang Required privile...

7.6CVSS7.8AI score0.0041EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Surfer < 1.3.3.379 - Missing Authorization

Description The Surfer plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions, such as removepostdraftconnection, checkdraftstatus, getlocations, getajaxsurferconnecturl, disconnectsurferfromwp, and...

6.7AI score0.0048EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/01 12:0 a.m.7 views

WordPress Surfer Plugin <= 1.3.2.357 is vulnerable to Broken Access Control

Software Surfer Type Plugin Vulnerable versions = 1.3.2.357 Fixed in 1.3.3.379 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35037 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID fee59b89530e Credits Jonas Höbenreich Required...

6.5AI score0.0048EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/08/24 5:47 a.m.11 views

LDAP Injection

cloudron-surfer is vulnerable to LDAP injection. Lack of validation in the username parameter allows an attacker to inject and execute arbitrary LDAP statements, resulting in authentication bypass, information disclosure or potentially denial of service...

5AI score
Exploits0
Hacker One
Hacker One
added 2020/06/24 5:12 p.m.12 views

Node.js third-party modules: [cloudron-surfer] Denial of Service via LDAP Injection

I would like to report Denial of service via LDAP Injection vulnerability in cloudron-surfer module. It allows a malicious attacker to send a malformed input that is interpreted as an LDAP filter, leading to Denial of Service. Module module name: cloudron-surfer version: 5.9.0 npm page:...

7.5AI score
Exploits0
OSV
OSV
added 2013/10/28 10:55 p.m.2 views

DEBIAN-CVE-2012-6303

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large chunk size in a WAV file...

6.8CVSS8.2AI score0.10239EPSS
Exploits1References1
NVD
NVD
added 2004/07/27 4:0 a.m.12 views

CVE-2004-0739

Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service client crash and possibly execute arbitrary code via a long filename...

7.5CVSS7.9AI score0.0245EPSS
Exploits0References3
Cvelist
Cvelist
added 2004/07/23 4:0 a.m.21 views

CVE-2004-0739

Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service client crash and possibly execute arbitrary code via a long filename...

7.9AI score0.0245EPSS
Exploits0References3
CVE
CVE
added 2004/07/23 4:0 a.m.51 views

CVE-2004-0739

CVE-2004-0739 describes a buffer overflow in Whisper FTP Surfer 1.0.7 that allows a remote FTP server to cause a denial of service (client crash) and potentially execute arbitrary code via a long filename. The NVD entry lists this as a network‑vector, low complexity, no authentication required, w...

7.5CVSS8.3AI score0.0245EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2004/07/20 12:0 a.m.20 views

[Full-Disclosure] Buffer overflow in Whisper FTP Surfer 1.0.7

PRODUCT Whisper FTP Surfer is a freeware FTP client for Windows DETAILS A buffer overflow in version 1.0.7 latest version occours when trying to open a file with a long name from an FTP Server. For common extension as .txt FTP surfer create a temporary file and tries to open it. When closing the...

1.1AI score
Exploits0
Rows per page
Query Builder