7 matches found
CVE-2024-13336
The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauthenticated attackers to disable all auto...
PT-2024-10043 · Lenovo · Lenovo Accessories/Display Manager +1
Name of the Vulnerable Software and Affected Versions: Lenovo Accessories and Display Manager (LADM), affected versions not specified; Lenovo Display Control Center (LDCC), affected versions not specified
Description: The issue is related to improper certificate validation in the software, which could...
PT-2024-38843 · WordPress · WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Alphabetical List WordPress plugin versions 1.0.0 through 1.0.3
Description: The issue concerns the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2023-25654 · ProLion · ProLion CryptoSpike
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2
Description: A missing integrity check in the update system allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
Recommendations: For ProLion...
PT-2018-16312 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D
Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An...
PT-2018-16283 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D
Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker...
PT-2018-16284 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D
Description: A firmware downgrade vulnerability exists in the firmware update functionality. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD...