12 matches found

Nuclei
added 3 days ago, 44 views

Linksys E2000 1.0.06 position.js Improper Authentication

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. id: CVE-2024-27497 info: name: Linksys E2000 1.0.06 position.js Improper Authentication author: DhiyaneshDk severity: high description: | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to...

CVSS 8.8, AI score 5.8, EPSS 0.81918
Exploits: 0, References: 4
Snyk
added 2026/04/24 4:37 p.m., 3 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1, AI score 5.5, EPSS 0.00098
Exploits: 1, References: 2
Cvelist
added 2024/11/28 8:47 a.m., 12 views

CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and including, 4.1.3 due t...

CVSS 6.4, EPSS 0.00126
Exploits: 0, References: 4
Vulnrichment
added 2024/09/02 12:0 a.m., 14 views

CVE-2024-45622

ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass...

AI score 8.1, EPSS 0.57389
Exploits: 3, References: 1
NVD
added 2022/11/04 7:15 p.m., 12 views

CVE-2022-39387

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWi...

CVSS 9.1, EPSS 0.00147
Exploits: 0, References: 3
OSV
added 2022/09/01 6:51 p.m., 43 views

PYSEC-2022-259

An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication...

CVSS 9.1, AI score 2.3, EPSS 0.63957
Exploits: 2, References: 1
Packet Storm
added 2022/01/20 12:0 a.m., 444 views

Grandstream GXV3175 Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV3175 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...

CVSS 9.8, AI score 0.8, EPSS 0.72438
Exploits: 7
ArchLinux
added 2021/06/09 12:0 a.m., 131 views

[ASA-202106-21] gitlab: multiple issues

Arch Linux Security Advisory ASA-202106-21 ========================================== Severity: High Date : 2021-06-09 CVE-ID : CVE-2021-22181 CVE-2021-22213 CVE-2021-22214 CVE-2021-22216 CVE-2021-22217 CVE-2021-22218 CVE-2021-22219 CVE-2021-22220 CVE-2021-22221 Package : gitlab Type : multiple...

CVSS 8.8, AI score 1.6, EPSS 0.93658
Exploits: 1, References: 24
The Hacker News
added 2020/05/01 1:4 p.m., 197 views

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier...

CVSS 9.8, AI score 0.8, EPSS 0.94234
Exploits: 24
Cvelist
added 2013/02/05 11:11 p.m., 22 views

CVE-2012-0874

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

AI score 6.9, EPSS 0.5129
Exploits: 1, References: 18
Packet Storm
added 2010/11/16 12:0 a.m., 24 views

BPAffiliate Affiliate Tracking SQL Injection


AI score 0.9
Exploits: 0
exploitpack
added 2008/11/06 12:0 a.m., 12 views

DELTAScripts PHP Classifieds 7.5 - Authentication Bypass

DELTAScripts PHP Classifieds 7.5 - Authentication Bypass deltascripts phpclassifieds Remote Auth Bypass Vulnerability ---------------------------------------------------------- Discovered By: ZoRLu Date: 06.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi...

AI score 1.3
Exploits: 0