22 matches found

Nuclei
added 17 hours ago, 44 views

Ray Static File - Local File Inclusion

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. id: CVE-2023-6020 info: name: Ray Static File - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's /static/ directory allows attackers to read any file on the...

CVSS 7.5, AI score 7.3, EPSS 0.81449
Exploits 3, References 2
Nuclei
added yesterday, 28 views

NagiosXI <= 5.4.12 menuaccess.php - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. id: CVE-2018-10738 info: name: NagiosXI <= 5.4.12 menuaccess.php - SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI befor...

CVSS 7.2, AI score 7.2, EPSS 0.66854
Exploits 2, References 2
Nuclei
added 6 days ago, 19 views

WebIQ 2.15.9 - Directory Traversal

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. id: CVE-2024-8752 info: name: WebIQ 2.15.9 - Directory Traversal author: s4e-io severity: high description: | The Windows version of WebIQ 2.15.9 is...

CVSS 9.3, AI score 7.4, EPSS 0.91135
Exploits 1, References 2
Nuclei
added 6 days ago, 67 views

NagiosXI <= 5.4.12 logbook.php SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. id: CVE-2018-10737 info: name: NagiosXI <= 5.4.12 logbook.php SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4....

CVSS 7.2, AI score 7.2, EPSS 0.83161
Exploits 2, References 2
Patchstack
added 2024/09/26 12:0 a.m., 17 views

WordPress JupiterX Core Plugin <= 4.6.5 is vulnerable to Arbitrary File Upload

Software: JupiterX Core; Type: Plugin; Vulnerable versions: <= 4.6.5; Fixed in: 4.6.6; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7772; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: ab3838034ebf; Credits: Geo Void; Required privilege: Unauthenticated...

CVSS 9.8, AI score 6.8, EPSS 0.08646
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/07/22 12:0 a.m., 13 views

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection

Software: ListingPro; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39620; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: b93d0cfbae0f; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS 8.8, AI score 6.8, EPSS 0.00572
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/06/14 12:0 a.m., 8 views

WordPress WooCommerce Social Login Plugin <= 2.6.2 is vulnerable to PHP Object Injection

Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: 2.6.3; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5871; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 26c69110d799; Credits: István Márton; Required privilege...

CVSS 9.8, AI score 6.8, EPSS 0.05196
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/04/25 12:0 a.m., 8 views

WordPress WP Masquerade Plugin <= 1.1.0 is vulnerable to Privilege Escalation

Software: WP Masquerade; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-33550; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 711ee525c5d1; Credits: Rafie...

CVSS 8.8, AI score 6.5, EPSS 0.00399
Exploits 0, References 1, Affected Software 1
Patchstack
added 2023/10/17 12:0 a.m., 12 views

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload

Software: Themify Ultra; Type: Theme; Vulnerable versions: <= 7.3.5; Fixed in: 7.3.6; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-46149; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 04def42b7ff1; Credits: Rafie Muhammad Patchstack; Required privile...

CVSS 9.9, AI score 6.8, EPSS 0.00314
Exploits 0, References 1, Affected Software 1
Patchstack
added 2023/09/06 12:0 a.m., 12 views

WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection

Software: Flatsome; Type: Theme; Vulnerable versions: <= 3.17.5; Fixed in: 3.17.6; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-40555; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 0472344ea36e; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS 9.8, AI score 7.2, EPSS 0.00151
Exploits 0, References 2, Affected Software 1
ossfuzz
added 2020/06/20 11:17 a.m., 19 views

ffmpeg:ffmpeg_AV_CODEC_ID_TIFF_fuzzer: Heap-buffer-overflow in dng_decode_jpeg

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5110559589793792 Project: ffmpeg Fuzzing Engine: honggfuzz Fuzz Target: ffmpeg_AV_CODEC_ID_TIFF_fuzzer Job Type: honggfuzz_asan_ffmpeg Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...

AI score 6.8
Exploits 0, Affected Software 1
ossfuzz
added 2020/05/31 8:12 p.m., 13 views

ffmpeg:ffmpeg_AV_CODEC_ID_HYMT_fuzzer: Heap-buffer-overflow in add_left_pred_c

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5135996772679680 Project: ffmpeg Fuzzing Engine: honggfuzz Fuzz Target: ffmpeg_AV_CODEC_ID_HYMT_fuzzer Job Type: honggfuzz_asan_ffmpeg Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...

AI score 6.8
Exploits 0, Affected Software 1
0day.today
added 2020/04/28 12:0 a.m., 27 views

Geeklog 2.2.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. Information: Advisory by Netsparker; Name: Cross-Site Scripting Vulnerability in Geeklog; Affected Software: Geeklog; Affected Versions: 2.2.1; Vendor Homepage: https://www.geeklog.net/; Vulnerability Type: Cross-Site Scripting...

AI score 7.4
Exploits 0
ossfuzz
added 2020/01/16 2:28 a.m., 17 views

arrow:arrow-ipc-stream-fuzz: Heap-buffer-overflow in arrow::UnionType::UnionType

Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5435281763467264 Project: arrow Fuzzing Engine: libFuzzer Fuzz Target: arrow-ipc-stream-fuzz Job Type: libfuzzer_asan_arrow Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address:...

AI score 6.8
Exploits 0, Affected Software 1
RedhatCVE
added 2019/10/21 8:20 a.m., 35 views

CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshak...

CVSS 7.8, AI score 2.2, EPSS 0.01017
Exploits 0, References 2
ossfuzz
added 2019/05/01 2:14 a.m., 20 views

envoy/h1_capture_fuzz_test: Heap-use-after-free in Envoy::Http::Http1::ServerConnectionImpl::onMessageComplete

Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=5738507290542080 Project: envoy Fuzzer: libFuzzer_envoy_h1_capture_fuzz_test Fuzz target binary: h1_capture_fuzz_test Job Type: libfuzzer_asan_envoy Platform Id: linux Crash Type: Heap-use-after-free READ 8...

AI score 6.8
Exploits 0, Affected Software 1
OSV
added 2018/10/16 7:57 p.m., 26 views

GHSA-QHQF-GHGH-X2M4 High severity vulnerability that affects Microsoft.AspNetCore.Mvc

See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://vulners.com/cve/CVE-2017-0249...

CVSS 7.3, AI score 7.2, EPSS 0.05786
Exploits 0, References 4
exploitpack
added 2016/08/16 12:0 a.m., 43 views

WSO2 Carbon 4.4.5 - Local File Inclusion

WSO2 Carbon 4.4.5 - Local File Inclusion. Credits: John Page aka HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt; ISR: ApparitionSec; Vendor: www.wso2.com; Product: ...

CVSS 4, AI score 5.2, EPSS 0.17517
Exploits 7
Packet Storm
added 2015/09/15 12:0 a.m., 29 views

Openfire 3.10.2 Cross Site Scripting

Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt; Vendor: www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp; Product: ...

CVSS 4.3, AI score 4.7, EPSS 0.04557
Exploits 2
seebug.org
added 2014/07/01 12:0 a.m., 29 views

GuestBook Scripts PHP 1.5 - Multiple Vulnerabilities

No description provided by source. Title: GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities; Date: 2012-06-11; References: http://www.vulnerability-lab.com/getcontent.php?id=601; VL-ID: 601; Common Vulnerability Scoring System: ...

AI score 7.1
Exploits 0