21 matches found

ATTACKERKB
added 2026/03/16 2:32 a.m., 1 views

CVE-2026-4209

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVSS 6.5, AI score 6.3, EPSS 0.00128
Exploits 1, References 15, Affected Software 20
RedhatCVE
added 2025/10/29 3:19 p.m., 5 views

CVE-2025-34313

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.4, AI score 5.9, EPSS 0.00024
Exploits 0, References 1
OSV
added 2025/10/28 3:16 p.m., 2 views

CVE-2025-34313

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.4, AI score 5.9, EPSS 0.00024
Exploits 0, References 3
NVD
added 2025/10/28 3:16 p.m., 6 views

CVE-2025-34313

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.4, EPSS 0.00024
Exploits 0, References 3
Cvelist
added 2025/10/28 2:32 p.m., 5 views

CVE-2025-34313 IPFire < v2.29 Stored XSS via User Quota Rule URL Filter

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.1, EPSS 0.00024
Exploits 0, References 3
CVE
added 2025/10/28 2:32 p.m., 8 views

CVE-2025-34313

IPFire

CVSS 5.4, AI score 5.5, EPSS 0.00024
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2025/10/28 2:32 p.m., 4 views

CVE-2025-34313 IPFire < v2.29 Stored XSS via User Quota Rule URL Filter

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.1, AI score 5.5, EPSS 0.00024
Exploits 0, References 3
EUVD
added 2025/10/28 2:32 p.m., 3 views

EUVD-2025-36524

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.1, AI score 5.4, EPSS 0.00024
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2734

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.00497
Exploits 0, References 3
Tenable Nessus
added 2024/11/04 12:0 a.m., 9 views

RHEL 6 / 7 : openstack-nova (RHSA-2015:1898)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1898 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing...

CVSS 6.8, AI score 6.7, EPSS 0.0197
Exploits 0, References 7
OSV
added 2024/03/06 11:11 a.m., 17 views

BIT-MOODLE-2020-25630

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...

CVSS 7.5, AI score 7.2, EPSS 0.00497
Exploits 0, References 2
Veracode
added 2023/07/26 6:25 a.m., 18 views

Denial Of Service (DoS)

neutron is vulnerable to Denial of Service. The vulnerability exists because resources are produced without regard to the user's quota, which allows an attacker to submit a large number of requests, causing the application to crash...

CVSS 6.5, AI score 6.7, EPSS 0.0018
Exploits 0, References 3, Affected Software 2
SUSE CVE
added 2023/02/15 6:17 a.m., 2 views

SUSE CVE-2005-3271

Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user...

CVSS 2.1, AI score 6.4, EPSS 0.00062
Exploits 0, References 5
Huntr
added 2021/07/30 5:35 p.m., 8 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

✍️ Description following endpoint vulnerable to CSRF: /omeka/system/recalculateUserQuota Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️‍♂️ Proof of Concept //...

AI score 1.4
Exploits 0
CNVD
added 2020/12/23 12:0 a.m., 5 views

Moodle Resource Management Error Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle security vulnerability, which stems from not checking the size of the extracted zip file against the available user quota before...

CVSS 7.5, AI score 6.7, EPSS 0.00497
Exploits 0, References 1
Veracode
added 2020/12/09 4:11 a.m., 22 views

Denial Of Service (DoS)

moodle/moodle is vulnerable to denial of service (DoS). The vulnerability exists as the available user quota was not checked against the decompressed size of zip files before unzipping them...

CVSS 7.5, AI score 2.8, EPSS 0.00497
Exploits 0, References 2, Affected Software 1
OSV
added 2017/04/05 8:59 p.m., 36 views

CVE-2017-0887

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the...

CVSS 4.3, AI score 6.5
Exploits 0, References 2
Nextcloud
added 2017/02/05 12:0 a.m., 19 views

Bypassing quota limitation (NC-SA-2017-005)

Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator...

CVSS 4, AI score 2.7, EPSS 0.00249
Exploits 0, Affected Software 1
seebug.org
added 2008/05/19 12:0 a.m., 8 views

MeltingIce File System <= 1.0 Remote Arbitrary Add-User Exploit

No description provided by source. !/usr/bin/perl use strict; use LWP::UserAgent; NOTE: user a pretty uniqe username, has the script will say successfull if a username aready existed! NOTE: exploit is mainly to get a nice quota, but it can also to be used to add a user primeraly because alot of...

AI score 7.1
Exploits 0
0day.today
added 2008/05/18 12:0 a.m., 17 views

MeltingIce File System <= 1.0 Remote Arbitrary Add-User Exploit

Exploit for unknown platform in category web applications =============================================================== MeltingIce File System ; print "\nUsernamecreate's your username: "; chompmy $usr=; print "\nPasswordcreate's your password: "; chompmy $pwd=; print "\nEnter Quotaquotamb of...

AI score 7.1
Exploits 0