304 matches found
PT-2024-27696 · Trendnet · Trendnet Tew-814Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version 1 FW1.01B01 Description: A stack overflow issue was discovered via the submit-url parameter at the "/formPasswordAuth" API endpoint. Recommendations: For TRENDnet TEW-814DAP version 1 FW1.01B01, avoid using the...
PT-2024-23556 · Unknown · Ros Melodic Morenia
Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions 1 Description: The issue allows attackers to execute arbitrary code, cause a denial of service DoS, and obtain sensitive information via the file upload component. Recommendations: For ROS...
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...
Pimcore SQL Injection Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
CVE-2023-51100
Tenda W9 V1.0.0.74456CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo...
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possible for...
Rockwell Automation Stratix Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service (CVE-2016-6381)
A vulnerability in the Internet Key Exchange version 1 IKEv1 fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...
[SECURITY] Fedora 38 Update: tinyexr-1.0.1-7.fc38
TinyEXR is a small library to load and save OpenEXR images. It supports the version 1 format and version 2 multi-part images, and it has partial support for version 2 deep images...
Debian: Security Advisory (DSA-5332-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-42175
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...
Debian: Security Advisory (DLA-3460-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3394-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-23879
Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...
PT-2023-11804
Name of the Vulnerable Software and Affected Versions Tailor Mangement System version 1 Description A SQL injection issue allows a remote attacker to execute arbitrary code via the title parameter. This enables the attacker to potentially access or modify sensitive data. Recommendations For Tailo...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.56-alt1
1:2.4.56-alt1 built March 17, 2023 Anton Farygin in task 316447 March 9, 2023 Anton Farygin - 2.4.56 Fixes: CVE-2023-25690, CVE-2023-27522...
K5718: IKE version 1 multiple vulnerabilities CERT VU#226364
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
CVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1
1:2.4.55-alt1 built Feb. 16, 2023 Anton Farygin in task 314497 Feb. 1, 2023 Anton Farygin - 2.4.55 Fixes: CVE-2022-37436, CVE-2006-20001, CVE-2022-36760...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1
1:2.4.55-alt1 built Feb. 7, 2023 Anton Farygin in task 314495 Feb. 1, 2023 Anton Farygin - 2.4.55 Fixes: CVE-2022-37436, CVE-2006-20001, CVE-2022-36760...