Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

GHSA-685J-36QX-3VP2 Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

GHSA-96JV-C7M6-Q43G Cross-site request forgery vulnerability in Jenkins OpenID Plugin

A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...

CVE-2023-24459

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2023-24458

A cross-site request forgery CSRF vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in index.php which allows an attacker to inject and execute arbitrary JavaScript...

Regular Expression Denial Of Service(ReDoS)

actionpack is vulnerable to Regular Expression Denial of ServiceReDoS. The vulnerability exists due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious cookie, in combination with a specially crafted XFORWARDEDHOST header...

WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC testimonialsslider autoplay="1; alert1;...

Reentrancy attack to swap()

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A malicious contract can initiate a reentrancy attack to the swap function: it can swap token0 for token1, receiving token0 but without effectively providing the due token1 amount used to mint instead...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...

CVE-2023-24428

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

Cross site scripting

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

_verifySignature function does not handle invalid signature

Lines of code Vulnerability details Impact The verifySignature function checks if the provided signature is valid by calling the internal function assertValidSignature. However, if the signature is not valid, the function does not handle the case and continues with the execution, this could lead ...