
2565 matches found

SUSE CVE
added 2023/02/15 4:16 a.m. · 2 views

SUSE CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

CVSS 4.6 · AI score 8.3 · EPSS 0.20906
Exploits 8 · References 16

SUSE CVE
added 2023/02/15 4:16 a.m. · 1 view

SUSE CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 4.6 · AI score 7.6 · EPSS 0.03807
Exploits 0 · References 27

SUSE CVE
added 2023/02/15 4:2 a.m. · 3 views

SUSE CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

CVSS 7.1 · AI score 8.6 · EPSS 0.01612
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 2 views

SUSE CVE-2022-22749

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 96...

CVSS 4.3 · AI score 8.4 · EPSS 0.00417
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 3:24 a.m. · 3 views

SUSE CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...

CVSS 3.7 · AI score 6.7 · EPSS 0.01788
Exploits 1 · References 102

Huntr
added 2023/02/12 5:3 a.m. · 23 views

Two Stored XSS in Instructions and User Widget

Stored XSS 1 Description 1 The sanitizer function noxsshtml$html can be bypassed since it missed to ban the tag of in $bannedelements = 'script', 'iframe', 'embed';. By this missing, the logged admin can maliciously inject xss payloads like in the backend database using the point POST...

CVSS 4.3 · AI score 5.4 · EPSS 0.00473
Exploits 1

Kitploit
added 2023/02/09 11:30 a.m. · 34 views

C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell

C99Shell-PHP7 PHP 7 and safe-build Update of the popular C99 variant of PHP Shell. c99shell.php v.2.0 PHP 7 25.02.2019 Updated by: PinoyWH1Z for PHP 7 About C99Shell An excellent example of a web shell is the c99 variant, which is a PHP shell most of them calls it malware often uploaded to a...

AI score 7.8
Exploits 0 · References 2

GithubExploit
added 2023/02/08 12:19 p.m. · 452 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228: Brief Description Apache L...

CVSS 10 · AI score 9.7 · EPSS 0.99999
Exploits 344

Veracode
added 2023/02/06 5:11 a.m. · 12 views

Remote Code Execution (RCE)

eta is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the Express render API overwriting template engine configuration variables, which allows an attacker to execute arbitrary code. An application is only vulnerable if it is rendering user-submitted data without sanitization...

CVSS 8.8 · AI score 9.1 · EPSS 0.01995
Exploits 0 · References 5 · Affected Software 1

Prion
added 2023/02/03 7:15 p.m. · 14 views

Design/Logic Flaw

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to...

CVSS 5.5 · AI score 5.4 · EPSS 0.00363
Exploits 0 · References 2

Hacker One
added 2023/02/03 5:9 p.m. · 14 views

TD Bank: Search input is vulnerable for XSS in qa.td.com and dev.td.com

Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: F2152622 attachment / reference Example-...

AI score 7.1
Exploits 0

Cvelist
added 2023/02/03 12:0 a.m. · 18 views

CVE-2022-42909

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to...

CVSS 6.5 · AI score 6.6 · EPSS 0.00363
Exploits 0 · References 2

CNNVD
added 2023/02/03 12:0 a.m. · 1 view

WEPA Print Away Security Vulnerability

WEPA Print Away is a cloud-based print management solution organized by the University of Wisconsin-Milwaukee. A security vulnerability exists in WEPA Print Away that stems from not verifying that a user is authorized to access a document before generating a print order and associated release cod...

CVSS 6.5 · AI score 5.7 · EPSS 0.00363
Exploits 0 · References 3

CVE
added 2023/02/03 12:0 a.m. · 52 views

CVE-2022-42909

WEPA Print Away is affected by an authorization flaw: a user with an account can generate print orders and release codes for documents they do not own without verifying access. The issue stems from not checking that the user is authorized to access documents before processing print jobs. Public d...

CVSS 6.5 · AI score 5.4 · EPSS 0.00363
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2023/01/31 2:6 p.m. · 70 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

CVSS 9.8 · AI score 8.6 · EPSS 0.3197
Exploits 5 · Affected Software 1

OSV
added 2023/01/20 7:15 p.m. · 2 views

CVE-2020-22662

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...

CVSS 7.5 · AI score 6.1 · EPSS 0.01255
Exploits 0 · References 2

Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-11636 · Ruckus · Smartcell Gateway 200 +12

Name of the Vulnerable Software and Affected Versions: Ruckus R310 version 10.5.1.0.199 Ruckus R500 version 10.5.1.0.199 Ruckus R600 version 10.5.1.0.199 Ruckus T300 version 10.5.1.0.199 Ruckus T301n version 10.5.1.0.199 Ruckus T301s version 10.5.1.0.199 SmartCell Gateway 200 SCG200 versions prio...

CVSS 7.5 · AI score 8.7 · EPSS 0.01255
Exploits 0 · References 4

CNNVD
added 2023/01/20 12:0 a.m. · 2 views

Ruckus Networks Multiple Products Command Injection Vulnerability

Ruckus Networks Unleashed C110 is a wireless LAN product from Ruckus Networks, Inc. A security vulnerability exists in various RUCKUS Networks products that originates from a remote code execution command injection that alters and sets unauthorized "illegal region codes", resulting in the operati...

CVSS 7.5 · AI score 8.1 · EPSS 0.01255
Exploits 0 · References 2

Patchstack
added 2023/01/20 12:0 a.m. · 15 views

WordPress GPT3 AI Content Writer Plugin < 1.4.38 is vulnerable to Content Injection

Software GPT3 AI Content Writer Type Plugin Vulnerable versions 1.4.38 Fixed in 1.4.38 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-0405 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 868b79c31d14 Credits Lana Codes Required privilege...

CVSS 5.4 · AI score 6.8 · EPSS 0.00512
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/01/12 12:0 a.m. · 9 views

WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Blog and Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4824 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID db9b8648db51 Credits Lana Codes Requir...

CVSS 5.4 · AI score 5.6 · EPSS 0.00649
Exploits 2 · References 4 · Affected Software 1