Lucene search

4200 matches found

Cvelist
added 2023/01/26 9:24 p.m., 19 views

CVE-2022-41015

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

7.2 CVSS, 10 AI score, 0.01666 EPSS
Exploits 1, References 1

Tenable Nessus
added 2023/01/23 12:0 a.m., 28 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (rabbitmq-server) (RHSA-2022:8851)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8851 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and...

5.4 CVSS, 5.4 AI score, 0.01437 EPSS
Exploits 2, References 7

The Hacker News
added 2023/01/18 5:24 p.m., 2 views

Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web...

6.8 AI score
Exploits 0

OSV
added 2023/01/11 9:15 p.m., 4 views

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.8 CVSS, 6 AI score
Exploits 0, References 2

NVD
added 2023/01/11 9:15 p.m., 58 views

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.8 CVSS, 9.7 AI score, 0.01781 EPSS
Exploits 0, References 2

Prion
added 2023/01/11 9:15 p.m., 19 views

Heap overflow

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

7.5 CVSS, 9.7 AI score, 0.01781 EPSS
Exploits 0, References 1, Affected Software 2

Cvelist
added 2023/01/11 8:38 p.m., 51 views

CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.9 AI score, 0.01781 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/01/11 8:38 p.m., 8 views

CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.7 AI score, 0.01781 EPSS
Exploits 0, References 1

CVE
added 2023/01/11 8:38 p.m., 104 views

CVE-2022-4498

CVE-2022-4498 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 via the httpd daemon. A crafted HTTP Basic Authentication input can trigger a heap overflow in httpd, yielding either a DoS (crash) or arbitrary code execution on affected devices. Public sources (CERT/CC and NVD entries) corr...

9.8 CVSS, 9.7 AI score, 0.01781 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2023/01/11 8:15 a.m., 5 views

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution...

7.8 CVSS, 6.2 AI score, 0.00256 EPSS
Exploits 0, References 2

OSV
added 2023/01/11 8:15 a.m., 2 views

CVE-2021-26343

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure...

5.5 CVSS, 5.7 AI score
Exploits 0, References 1

NVD
added 2023/01/11 7:15 a.m., 16 views

CVE-2012-10004

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading t...

6.1 CVSS, 4.5 AI score, 0.00523 EPSS
Exploits 0, References 4

Prion
added 2023/01/11 7:15 a.m., 18 views

Cross site scripting

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading t...

5.8 CVSS, 6.5 AI score, 0.00523 EPSS
Exploits 0, References 4, Affected Software 1

CVE
added 2023/01/11 6:21 a.m., 39 views

CVE-2012-10004

The CVE-2012-10004 entry describes a cross-site scripting vulnerability in the Drupal Backdrop-contrib Basic Cart component. Affected is the function basic_cart_checkout_form_submit in the file basic_cart.cart.inc, with remote exploit possible. Upgrading to version 1.x-1.1.1 addresses the issue; ...

6.1 CVSS, 4.8 AI score, 0.00523 EPSS
Exploits 0, References 4, Affected Software 1

Cvelist
added 2023/01/11 6:21 a.m., 22 views

CVE-2012-10004 backdrop-contrib Basic Cart basic_cart.cart.inc basic_cart_checkout_form_submit cross site scripting

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading t...

4 CVSS, 6.1 AI score, 0.00523 EPSS
Exploits 0, References 4

CNNVD
added 2023/01/11 12:0 a.m., 7 views

backdrop-contrib Basic Cart cross-site scripting vulnerability

backdrop-contrib Basic Cart is a cms site for individual developers. A cross-site scripting vulnerability exists in backdrop-contrib Basic Cart. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...

6.1 CVSS, 4.7 AI score, 0.00523 EPSS
Exploits 0, References 5

OSV
added 2023/01/10 9:15 p.m., 2 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking...

4.3 CVSS, 5.8 AI score, 0.00411 EPSS
Exploits 0, References 2

OSV
added 2023/01/10 9:15 p.m., 4 views

CVE-2022-45167

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...

4.3 CVSS, 5.8 AI score, 0.00456 EPSS
Exploits 0, References 2

OSV
added 2023/01/10 12:15 p.m., 3 views

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...

7.5 CVSS, 5.7 AI score, 0.00965 EPSS
Exploits 0, References 3

NVD
added 2023/01/10 12:15 p.m., 25 views

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected component does not correctly validate the root path on folder related operations, allowing to...

9.8 CVSS, 8.1 AI score, 0.01543 EPSS
Exploits 0, References 3