2391 matches found
CVE-2022-42426
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-24973
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
CVE-2022-24973
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
CVE-2022-0650
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
Stack overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
CVE-2022-0650
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
CVE-2022-0650
This CVE affects TP-Link TL-WR940N routers (v3.20.1 Build 200316 Rel.34392n). The root cause is a lack of proper validation of the length of user-supplied data in the httpd service, copying into a fixed-length stack-based buffer. The vulnerability allows network-adjacent attackers to execute arbi...
PT-2023-17127 · Openstack +3 · Openstack Heat +3
Name of the Vulnerable Software and Affected Versions: OpenStack heat affected versions not specified Description: An information leak was discovered in OpenStack heat, allowing a remote, authenticated attacker to use the 'stack show' command to reveal parameters that are supposed to remain hidde...
CVE-2023-23864 WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Michael Aronoff Very Simple Google Maps plugin = 2.8.4 versions...
Vulnerabilities fixed in Cisco Access Points
Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs need prior authentication on the command...
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...
CVE-2023-28663
The Formidable PRO2PDF WordPress Plugin, version 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdfexportfile action...
Linksys AX3200 V1.1.00 - Command Injection
Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put...
Linksys AX3200 V1.1.00 - Command Injection Vulnerability
Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put "google.com|ls" to perform a...
CVE-2023-22679 WordPress WP Better Emails Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nicolas Lemoine WP Better Emails plugin = 0.4 versions...
Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro TXOne StellarOne. Authentication is required to exploit this vulnerability. The specific flaw exists within the Account endpoint. The issue results from the lack of proper access control. An...
PT-2023-11834 · WordPress · Jetbackup
Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress versions up to, and including 1.4.1 Description: The issue allows authenticated attackers with minimal permissions to change the location of backups, potentially leading to the the...
CVE-2023-22763
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
SolarWinds Orion Platform BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BytesToMessage function. The issue results from the lack of proper validation ...
SolarWinds Network Performance Monitor WorkerProcessWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WorkerProcessWCFProxy function. The issue results from the lack o...