4 matches found
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...
PT-2019-10747 · Feingeist Software Gmbh · Shimo Vpn
Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service of Shimo VPN, specifically in the deleteConfig functionality, allowing the program to delete any protected file on the system. An attacker would...
Podcast Generator 1.1 - Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on $file.$ext $Ldeleted"; --------------------------- no check for admin rights, so now we can delete whatever file we want, with any extension.. so let's delete config.php and make a fresh new installation with a password set by us! the RCE is triggered in...