PT-2026-38301
Name of the Vulnerable Software and Affected Versions: Lemur versions prior to 1.9.0. Description: When LDAP TLS is enabled via the LDAP_USE_TLS variable, the LDAP authentication module's bind function unconditionally disables TLS certificate verification at the global ldap module level. This...
PLANET FW-WGS-804HPT Security Vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from PLANET (China). The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the stp_conf_name parameter in the web_stp_globalSetting_post function failing to correctly validate the length and size of the input data...
CVE-2025-44888
Planet FW-WGS-804HPT v1.305b241111 is affected by a stack overflow in the web_stp_globalSetting_post function caused by insufficient validation of the stp_conf_name parameter. The issue can allow arbitrary code execution or a denial of service. No exploit details are provided in the documents. A ...
CVE-2024-45461 Apache CloudStack Quota plugin: Access checks not enforced in Quota
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to acce...
CVE-2024-41107
CloudStack SAML authentication, which is disabled by default, does not enforce signature checks. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response...
CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...
PT-2022-23076 · Minetest
Name of the Vulnerable Software and Affected Versions: Minetest versions prior to 5.6.1 Description: The issue concerns a security vulnerability in Minetest, a free open-source voxel game engine, where a mod in single-player mode can set a global setting to control the Lua script loaded for the...
WordPress plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP. The WordPress Perfect Survey plugin in versions prior to 1.5.2 has a cross-site request forgery vulnerability, which stems from the absence of a CSRF check in the saveglobalsetting AJAX action, an...
Atlassian Confluence < 7.11.0 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.11.0. It is, therefore, affected by the following vulnerabilities: - A blind Server-Side Request Forgery (SSRF) vulnerability in Team Calendars parameters. (CVE-2020-29445) - A...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in admin global setting parameters...
Preventing the Cache-Control Response Header from being Set to private
Q: When compression is enabled on a NetScaler appliance, can you prevent the Cache-Control response header from being set to the value private? A: Yes. You can prevent the Cache-Control response header from being set to the value private when compression is enabled on a NetScaler appliance. To prevent the...
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
Asterisk Project Security Advisory - AST-2011-013. Product: Asterisk. Summary: Possible remote enumeration of SIP endpoints with differing NAT settings. Nature of Advisory: Unauthorized data disclosure. Susceptibility: Remote unauthenticated sessions. Severity: Minor. Exploits Known: Yes. Reported On: 2011-07-...
dreamaccount.py.txt
#!/usr/bin/env python -- DreamAccount, Federico Fazzi; for more info see the advisory. Needs register_globals = On. import os, sys, socket; usage = "run: python %s remoteaddr remoteport remotepath remotecmd " % os.path.basename(sys.argv[0]); if len(sys.argv) \n" require$dapath . "setup.php"; includers =...
DEBIAN-CVE-2005-2700
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions...