Lucene search
K

43 matches found

OSV
OSV
added 2024/11/15 10:57 a.m.15 views

CVE-2024-0787 Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...

5.3CVSS6.2AI score0.00454EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.4 views

PT-2024-15819 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.5.1 Description: The issue allows an attacker to bypass the IP block mechanism, enabling brute force attacks on user accounts, including the admin account, by utilizing the 'X-Forwarded-For' header. This is due to the get us...

5.9CVSS7.3AI score0.00454EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2024/10/15 2:48 a.m.3 views

SUSE CVE-2024-49214

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

5.3CVSS6.9AI score0.00502EPSS
Exploits0References4
CVE
CVE
added 2024/06/28 6:1 a.m.55 views

CVE-2023-47802

Synology CVE-2023-47802 affects Synology Camera Firmware BC500/TC500 prior to version 1.0.7-0298. Root cause: improper neutralization of special elements used in OS commands in IP block functionality, enabling OS Command Injection. Impact: remote authenticated administrators can run arbitrary com...

7.2CVSS7.8AI score0.01464EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/28 6:1 a.m.10 views

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following mode...

7.2CVSS7.7AI score0.01464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/05/20 2:20 p.m.31 views

CVE-2024-35920

A vulnerability was found in the Linux kernel's MediaTek VCodec driver, caused by the absence of a lock to protect the decoder context list ctxlist. This issue can lead to a NULL pointer dereference in the vpudecipihandler function, resulting in a kernel panic. Mitigation Mitigation for this issu...

5.5CVSS8.6AI score0.00225EPSS
Exploits0References4
OSV
OSV
added 2024/05/19 11:15 a.m.3 views

UBUNTU-CVE-2024-35920

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpudecipihandler' function when the ctxlist has been deleted due to an unexpected...

5.5CVSS5.7AI score0.00225EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/05/19 11:15 a.m.29 views

CVE-2024-35919

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...

7CVSS6.3AI score0.00234EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/05/19 11:15 a.m.20 views

CVE-2024-35920

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpudecipihandler' function when the ctxlist has been deleted due to an unexpected...

5.5CVSS5.9AI score0.00225EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/05/19 10:10 a.m.19 views

CVE-2024-35920 media: mediatek: vcodec: adding lock to protect decoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpudecipihandler' function when the ctxlist has been deleted due to an unexpected...

6.8AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/19 10:10 a.m.34 views

CVE-2024-35920 media: mediatek: vcodec: adding lock to protect decoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpudecipihandler' function when the ctxlist has been deleted due to an unexpected...

6.4AI score0.00225EPSS
Exploits0References3
CVE
CVE
added 2024/05/19 10:10 a.m.84 views

CVE-2024-35920

CVE-2024-35920 refers to a Linux kernel issue in the media: mediatek: vcodec driver. The root cause is a race/NULL-pointer risk in vpu_dec_ipi_handler when the decoder context list (ctx_list) could be deleted due to SCP IP block behavior. The patch adds a lock around ctx_list to prevent illegal a...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/05/19 10:10 a.m.38 views

CVE-2024-35919 media: mediatek: vcodec: adding lock to protect encoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...

6.4AI score0.00234EPSS
Exploits0References3
CVE
CVE
added 2024/05/19 10:10 a.m.96 views

CVE-2024-35919

CVE-2024-35919: The Linux kernel vulnerability involves a race/NULL dereference in media: mediatek: vcodec code where vpu_enc_ipi_handler may access a deleted ctx_list, potentially leading to a NULL pointer dereference when SCP IP block behavior deletes the list. A lock was added to protect the e...

7CVSS6.7AI score0.00234EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/15 5:14 p.m.27 views

CVE-2021-4226 RSFirewall < 1.1.25 - IP Block Bypass

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented...

9.7AI score0.00509EPSS
Exploits1References1
Patchstack
Patchstack
added 2022/04/13 12:0 a.m.29 views

WordPress RSFirewall! plugin <= 1.1.24 - IP Block Bypass vulnerability

IP Block Bypass vulnerability discovered by Daniel Ruf in WordPress RSFirewall! plugin versions = 1.1.24. Solution Update the WordPress RSFirewall! plugin to the latest available version at least 1.1.25...

2.6AI score0.00509EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/07/10 4:15 p.m.8 views

UBUNTU-CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS7.1AI score0.01362EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/02/29 1:46 p.m.35 views

Veris: Password(s) can be found via login process.

Hello security team, It is possible to find passwords of other users by enumerate the login process. The scenario is quiet simple: 1 Go to https://sandbox.veris.in/portal/login/ 2 Fill in 'Email ID' and 'Password' and click 'Log In' 3 Capture the request via burp suite and send it to intruder. 4...

0.1AI score
Exploits0
0day.today
0day.today
added 2015/09/01 12:0 a.m.23 views

PFTP Server 8.0f Lite - textfield Local SEH Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Exploit Title: PFTP Server 8.0f lite SEH bypass technique tested on Win7x64 Date: 8-29-2015 Software Link: http://www.heise.de/download/the-personal-ftp-server-78679a5e8458e9faa7c5564617bdd4c4-1440883445-267104.html Exploit Author: Robbie Corley...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/31 12:0 a.m.21 views

PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)

Exploit Title: PFTP Server 8.0f lite SEH bypass technique tested on Win7x64 Date: 8-29-2015 Software Link: http://www.heise.de/download/the-personal-ftp-server-78679a5e8458e9faa7c5564617bdd4c4-1440883445-267104.html Exploit Author: Robbie Corley Contact: [email protected] Website: CVE:...

7.4AI score
Exploits0
Rows per page
Query Builder