EUVD-2025-29106

Malicious code in bioql PyPI...

UBUNTU-CVE-2021-47276

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftracebug It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftraceinit, but the error path rightfully returned -EINVAL and not -EFAULT,...

Webpower UPS 5.53 Denial Of Service Exploit

Exploit Title: Webpower UPS v5.53 HTTP Denial of Service Exploit Author: Yehia Elghaly Vendor Homepage: https://www.eaton.com/ae/en-gb.html Software Link: https://www.eaton.com/ae/en-gb.html Version: Revision v5.53 Tested on: WebPower UPS CVE: N/A !/usr/bin/env python Webpower UPS v5.53 HTTP Deni...

Wavlink WN533A8 Cross Site Scripting

Exploit Title: Wavlink WN533A8 - Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: M33A8.V5030.190716 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34048 Tested on: Windows Poc code history.pushState'', '', '/'...

Internet Bug Bounty: Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]

Greetings. I have found a read-beyond-bounds bug in luawebsocketreadbytes that permits an attacker to exfiltrate a controllable amount of heap data if the victim site runs a suitable LUA program. The bug is due to misuse of apgetbrigade and aprbucketread. The following code from v2.4.53 assumes...

Command injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

CVE-2017-15867

Multiple cross-site scripting XSS vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 datefrom, 2 dateto, 3 userid, 4 username, 5 countryname, 6 browser, 7 operatingsystem, or 8 ipaddress parameter to...

CVE-2017-15867

The CVE-2017-15867 case concerns the WordPress User Login History plugin (versions up to 1.5.2). The issue is a Cross-Site Scripting (XSS) vulnerability where user-supplied HTTP GET parameters (date_from, date_to, user_id, username, country_name, browser, operating_system, ip_address) are inserte...

Advantech WebAccess SCADA webeye.ocx ip_address Parameter Buffer Overflow - ver 2 (CVE-2014-8388)

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ipaddress parameter contained in the webeye.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

Stack overflow

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

Advantech WebAccess 7.2 Stack-Based Buffer Overflow Vulnerability

Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component. Advantech WebAccess Stack-based Buffer Overflow 1...

Mercur MailServer 5.0 SP3 - 'IMAP' Denial of Service

/ Exploit for : IMAP 5.0 SP3 DoS Exploit Advisory : http://secunia.com/advisories/19267/ Coder : Omnipresent Email : [email protected] Description : Tim Taylor has discovered a vulnerability in Mercur Messaging 2005, which can be exploited by malicious people and by malicious users to cause a...