14 matches found
EUVD-2014-7848
Malware in sbrugna...
EUVD-2023-43975
Malicious code in bioql PyPI...
PT-2025-27469 · Dromara · Dromara Ruoyi-Vue-Plus
Name of the Vulnerable Software and Affected Versions: Dromara RuoYi-Vue-Plus version 5.4.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The...
PT-2025-17291 · Pbootcms · Pbootcms
Name of the Vulnerable Software and Affected Versions: PbootCMS version 3.2.5 Description: A vulnerability was found in the Image Handler component, which can lead to server-side request forgery. The manipulation can be launched remotely. Recommendations: For PbootCMS version 3.2.5, consider...
CVE-2025-1882
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done withi...
PT-2022-27340 · Unknown · Bspkrs Mcpmappingviewer
Name of the Vulnerable Software and Affected Versions: bspkrs MCPMappingViewer affected versions not specified Description: A critical issue has been found in the extractZip function of the RemoteZipHandler.java file, part of the ZIP File Handler component. This issue leads to path traversal and...
PT-2022-26364 · Tribal Systems · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS version 9.3.57595 Description: The issue affects the Remember Me Handler component, leading to session fixation. This can be exploited remotely, and the exploit has been disclosed. The attack may be initiated by an...
PT-2022-26065 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie versions prior to v1.9.02.001 Description: The issue allows an attacker to inject SQL queries via the network. This is related to SQL Injection in Handler CFG.ashx. Recommendations: For versions prior to...
PT-2022-26800 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: open5gs version 2.4.11 Description: The issue is related to a memory leak in the ngap-handler.c component. This allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. Recommendations: For open5gs version 2.4.11, consid...
PT-2022-22158 · Dell · Dell Client Bios
Name of the Vulnerable Software and Affected Versions: Dell Client BIOS versions prior to the remediated version Description: The issue is related to improper input validation, which could be exploited by a local authenticated malicious user. This exploitation could potentially lead to arbitrary...
WS: EJB3 role restrictions are not applied to jaxws handlers
A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...
CVE-2014-7999
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...
Code injection
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...
SA-CONTRIB-2014-054 - Views - Access Bypass
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module doesn't sufficiently check handler access when returning the list of handlers from views_plugin_display::get_handlers. The...