25 matches found
CVE-2024-13307
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-9161
The CVE-2024-9161 entry affects the WordPress plugin Rank Math SEO – AI SEO Tools to Dominate SEO Rankings (versions up to 1.0.228). The root cause is a missing capability check in the function update_metadata, which allows unauthenticated users to insert, update, or delete metadata (including u...
CVE-2024-4465
CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...
CVE-2024-5856
The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cirdeleteimage AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2024-3608
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the productdesignerajaxdeleteattachid function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary...
SoX 14.4.2 - Denial Of Service Vulnerability
Exploit Title: SoX 14.4.2 - Denial Of Service Exploit Author: LiquidWorm Vendor: Chris Bagwell Product web page: http://sox.sourceforge.net https://en.wikipedia.org/wiki/SoX Affected version: , buffer=, buffersize=optim...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2021-22759
A CWE-416: Use after free vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22760
A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22758
A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22752
A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...
CVE-2021-22750
A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition Def.exe V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22709
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF Configuration Group File fil...
PuTTY (European Commission - DIGIT): Assertion `col >= 0 && col < line->cols' failed, process aborted while streaming output from remote server
Summary: During the course of testing putty-0.70-2019-03-01.e0a7697 on Fedora 29 compiled with clang version 7.0.1 Fedora 7.0.1-4.fc29, we discovered it was possible to abort a remote client by streaming data at it in such a way as to trigger an assertion failure in terminal.c. putty:...
PuTTY (European Commission - DIGIT): Assertion `len == 1' failed, process aborted while streaming output from remote server
Summary: During the course of testing putty-0.70-2019-02-12.75dda5e on Fedora 29 compiled with clang version 7.0.1 Fedora 7.0.1-1.fc29, we discovered it was possible to abort a remote client by streaming data at it in such a way as to trigger an assertion failure. putty: unix/gtkwin.c:3801: void...
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability
CVSS v3 10 ATTENTION: Remotely exploitable. Low skill level is needed to exploit. Vendor: Red Lion Controls, AutomationDirect Equipment: Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches Vulnerability: Use of Hard-coded Cryptographic Keys AFFECTED PRODUCTS The following Red...
Novell File Reporter Agent Arbitrary File Delete (CVE-2011-2750)
A policy bypass vulnerability exists in Novell File Reporter. The vulnerability allows a remote attacker to delete arbitrary files using OPERATION 4 commands. A remote unauthenticated attacker can leverage the vulnerability to delete arbitrary files, including system files, from the...