EUVD-2018-9069

Malware in sbrugna...

AZL-53468 CVE-2024-50298 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vfstate during PF probes In the previous implementation, vfstate is allocated memory only when VF is enabled. However, netdeviceops::ndosetvfmac may be called before VF is enabled to configure the MAC address...

CVE-2024-50298 net: enetc: allocate vf_state during PF probes

In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vfstate during PF probes In the previous implementation, vfstate is allocated memory only when VF is enabled. However, netdeviceops::ndosetvfmac may be called before VF is enabled to configure the MAC address...

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

RICOH SP 4510SF Cross-site Scripting (CVE-2018-17001)

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. This plugin only works with Tenable.ot. Please visit...

PVS boot time message "Attempting to set IP address on Boot NIC.......complete after 51s."

Target devices show a boot time message "Attempting to set IP address on Boot NIC.......complete after 51s." This message was not observed in earlier versions of PVS target device software like PVS 1912...

kernel security, bug fix, and enhancement update

5.14.0-70.26.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.26.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...

CVE-2022-28895

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Kun...

Mail.ru: Stored XSS in address on [corporate.city-mobil.ru]

Stored XSS in address setting functionality on corporate.city-mobil.ru...

jenkins: XSS vulnerability in Jenkins URL setting

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...

Cross site scripting

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

RICOH MP 305+ Printer - Cross-Site Scripting

RICOH MP 305+ Printer - Cross-Site Scripting Exploit Title: RICOH MP 305+ Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...

PHPMyWind Arbitrary Code Execution Vulnerability (CNVD-2018-19543)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A security vulnerability exists in the admin/webconfig.php file in PHPMyWind version 5.5. The vulnerability can be exploited to execute arbitrary code by rewriting URL settings...

JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Impact An attacke...

CVE-2017-11726

services/systemio/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery CSRF, as demonstrated by changing an e-mail address setting...

openSUSE Security Update : xen-201004 (openSUSE-SU-2010:0293-1)

Collective Xen 2010/04 Update, containing fixes for the following issues : bnc576832 - pygrub, reiserfs: Fix on-disk structure definition bnc537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc561912 - xend leaks memory bnc564750 - Keyboard Caps Lock key works abnormal under...

Current Versions Release History

Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...