253 matches found
CVE-2024-9559
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has...
CVE-2024-9550
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit...
PT-2024-7242 · D Link · Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical issue affects the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. This can be exploited...
PT-2024-7235 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: The issue is related to a buffer overflow vulnerability in the formSetWanL2TP function of the /goform/formSetWanL2TP file. This vulnerability can be exploited by sending a specially crafted PO...
PT-2024-7246 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical issue has been found in the function formSetEasy Wizard of the file /goform/formSetEasy Wizard. The manipulation of the argument curTime leads to buffer overflow. This can be...
actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)
surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-64F8-PJGR-9WMR...
MSI Afterburner 安全漏洞
Micro-Star International Afterburner is a graphics card overclocking utility program from Micro-Star International Taiwan, China. A security vulnerability exists in MSI Afterburner v4.6.6.16381 Beta 3, which stems from the presence of an ACL bypass...
BIT-DISCOURSE-2021-39161 Cross-site scripting via category name in Discourse
Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scriptingXSS attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed...
BIT-DISCOURSE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...
Exploit for Use of Hard-coded Credentials in Gog Galaxy
GOG Galaxy - Research Artifacts Repository Structure This...
Laf Information Disclosure Vulnerability
Laf is a cloud development platform from labring labs. An information disclosure vulnerability exists in versions prior to Laf 1.0.0-beta.13. The vulnerability stems from lax control of the LAF application enV, which leads to the disclosure of sensitive information in the configmap...
TEx - Telegram Monitor
TEx is a Telegram Explorer tool created to help Researchers, Investigators and Law Enforcement Agents to Collect and Process the Huge Amount of Data Generated from Criminal, Fraud, Security and Others Telegram Groups. BETA VERSION Please note that this project has been in beta for a few weeks, so...
CVE-2023-42261
Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...
Dcat Admin 跨站脚本漏洞
Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua, an individual developer. A security vulnerability exists in Dcat Admin v2.1.3-beta that could allow an attacker to execute arbitrary web script or HTML via URL parameter injection with a...
CVE-2023-33193 Emby Server Proxy Header Spoofing Vulnerability
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file...
Serendipity 代码问题漏洞
Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A security vulnerability exists in Serendipity version 2.4-beta1. An attacker can exploit the vulnerability to execute arbitrary code via specially...
VulnCheck KEV: CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
SUSE CVE-2017-2839
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the...
SUSE CVE-2019-6472
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...