91 matches found
How Your Business Can Benefit From Combining a DAM and CDN
...
Malicious code in gym-reschdule-combination (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d6896ff82aa630b84126788fe76a7c577e11e871c9307f5b56a43ea7166062d A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-50039
In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCASTAB only for root qdisc Most qdiscs maintain their backlog using qdiscpktlenskb on the assumption it is invariant between the enqueue and dequeue handlers. Unfortunately syzbot can crash a host rather easily...
SUSE CVE-2024-47176
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and can cause t...
EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1865)
According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...
CVE-2024-27176
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
CVE-2024-27178
CVE-2024-27178 affects Toshiba e-STUDIO multifunction printers. The vulnerability allows Remote Code Execution by overwriting files, enabled by falsifying the file name variable. The issue can be leveraged in combination with other vulnerabilities; exploitation context beyond a single vulnerabili...
CVE-2024-27177 Remote Code Execution
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower th...
CVE-2024-27177
CVE-2024-27177 affects Toshiba multi-function printers (e-studio/Toshiba MFPs). A vulnerability in the handling of the package name variable allows an attacker to overwrite files, enabling Remote Code Execution. The issue can be leveraged in combination with other vulnerabilities and may not be e...
CVE-2024-27176 Remote Code Execution
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
CVE-2024-27176
CVE-2024-27176 affects Toshiba MFP/Toshiba Tec e-STUDIO printers. The root cause is an issue where an attacker can cause Remote Code Execution by overwriting files, enabled by falsifying a session ID variable. The vulnerability is documented as potentially exploitable in combination with other we...
CVE-2024-27173
Toshiba e-STUDIO multi-function printers are affected by CVE-2024-27173 in the Remote Command program, enabling remote code execution by overwriting Python executables. Root cause involves execution of code via uploaded/modified Python files, with impact to confidentiality, integrity, and availab...
CVE-2024-2244
REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations...
[SECURITY] Fedora 40 Update: vecmath1.2-1.14-36.fc40
This is an unofficial implementation java source code of the javax.vecmath package specified in the JavaTM 3D API 1.2 . The package includes classes for 3-space vector/point, 4-space vector, 4x4, 3x3 matrix, quaternion, axis-angle combination and etc. which are often utilized for computer graphic...
PT-2023-31194 · WordPress · Bear
Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is related to Missing Authorization due to a missing capability check on the woobe bulkoperations apply default combination function. This allows authenticat...
WordPress Plugin BEAR Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Improper access control
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...
combinationlock.com Cross Site Scripting vulnerability OBB-3680083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...