37 matches found
CVE-2024-49299
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer Surfer surferseo allows SQL Injection.This issue affects Surfer: from n/a through = 1.5.0.502...
CVE-2024-49299 WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502...
CVE-2024-49299
CVE-2024-49299 affects the WordPress Surfer plugin up to version 1.5.0.502. It is an SQL injection caused by improper neutralization of special elements in an SQL command. Patchstack/CVE details show a fix in Surfer 1.6.0.523; upgrade to 1.6.0.523 or newer. CVSSv3.1 base score 7.6 (HIGH); attack ...
CVE-2024-49299 WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Surfer Surfer surferseo allows SQL Injection.This issue affects Surfer: from n/a through = 1.5.0.502...
WordPress plugin Surfer SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2024-33439 · Surfer · Surfer
Name of the Vulnerable Software and Affected Versions: Surfer versions n/a through 1.5.0.502 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyễn Trung Kiên Patchstack Alliance in WordPress Plugin Surfer versions = 1.5.0.502...
WordPress Surfer Plugin <= 1.5.0.502 is vulnerable to SQL Injection
Software Surfer Type Plugin Vulnerable versions = 1.5.0.502 Fixed in 1.6.0.523 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49299 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d0e40de8a6d2 Credits Nguyễn Trung Kiên anhchangmutrang Required privile...
Surfer < 1.3.3.379 - Missing Authorization
Description The Surfer plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions, such as removepostdraftconnection, checkdraftstatus, getlocations, getajaxsurferconnecturl, disconnectsurferfromwp, and...
WordPress Surfer Plugin <= 1.3.2.357 is vulnerable to Broken Access Control
Software Surfer Type Plugin Vulnerable versions = 1.3.2.357 Fixed in 1.3.3.379 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35037 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID fee59b89530e Credits Jonas Höbenreich Required...
LDAP Injection
cloudron-surfer is vulnerable to LDAP injection. Lack of validation in the username parameter allows an attacker to inject and execute arbitrary LDAP statements, resulting in authentication bypass, information disclosure or potentially denial of service...
Node.js third-party modules: [cloudron-surfer] Denial of Service via LDAP Injection
I would like to report Denial of service via LDAP Injection vulnerability in cloudron-surfer module. It allows a malicious attacker to send a malformed input that is interpreted as an LDAP filter, leading to Denial of Service. Module module name: cloudron-surfer version: 5.9.0 npm page:...
DEBIAN-CVE-2012-6303
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large chunk size in a WAV file...
CVE-2004-0739
Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service client crash and possibly execute arbitrary code via a long filename...
CVE-2004-0739
Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service client crash and possibly execute arbitrary code via a long filename...
CVE-2004-0739
CVE-2004-0739 describes a buffer overflow in Whisper FTP Surfer 1.0.7 that allows a remote FTP server to cause a denial of service (client crash) and potentially execute arbitrary code via a long filename. The NVD entry lists this as a network‑vector, low complexity, no authentication required, w...
[Full-Disclosure] Buffer overflow in Whisper FTP Surfer 1.0.7
PRODUCT Whisper FTP Surfer is a freeware FTP client for Windows DETAILS A buffer overflow in version 1.0.7 latest version occours when trying to open a file with a long name from an FTP Server. For common extension as .txt FTP surfer create a temporary file and tries to open it. When closing the...