46 matches found
CVE-2025-13174
CVE-2025-13174 affects rachelos WeRSS we-mp-rss up to 1.4.7. The vulnerability lies in the Webhook Module’s function do_job (file path: /rachelos/we-mp-rss/blob/main/jobs/mps.py). Manipulating the argument web_hook_url can lead to server-side request forgery (SSRF). The attack may be executed rem...
CVE-2020-9367
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it...
CVE-2019-18362
JetBrains MPS before 2019.2.2 exposed listening ports to the network...
CVE-2024-37051
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...
JetBrains Multiple IDE Security Vulnerabilities
JetBrains IntelliJ IDEA and others are products of the Czech company JetBrains.JetBrains IntelliJ IDEA is a set of integrated development environments IDEs for the Java language.JetBrains PyCharm is an integrated development environment IDE for the Python language. JetBrains PhpStorm is a softwar...
PT-2024-4040 · Jetbrains · Mps +12
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions 2023.1 through 2023.1.7 JetBrains IntelliJ IDEA versions 2023.2 through 2023.2.7 JetBrains IntelliJ IDEA versions 2023.3 through 2023.3.7 JetBrains IntelliJ IDEA version 2024.1.3 JetBrains IntelliJ IDEA versio...
CVE-2022-23086
Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...
CVE-2022-23086 mpr/mps/mpt driver ioctl heap out-of-bounds write
Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...
CVE-2022-23086
CVE-2022-23086 affects FreeBSD: the mpr/mps/mpt disk controller drivers expose _CFG_PAGE ioctls that allocate a caller-specified buffer size but copy a fixed-size header into it. This can result in heap data being overwritten if the input size is too small, potentially enabling privilege escalati...
mps-dresden.de Improper Access Control vulnerability OBB-3768576
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mps-myk.de Cross Site Scripting vulnerability OBB-2805220
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
FreeBSD-SA-22:06.ioctl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:06.ioctl Security Advisory The FreeBSD Project Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write Category: core Module: mpr, mps, mpt Announced:...
FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write
Problem Description: Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Impact: Users with access to the mpr, mp...
mps-dresden.de Improper Access Control vulnerability OBB-2394720
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ericsson Network Location Mps Gmpc21 命令注入漏洞
Ericsson Network Location Mps Gmpc21 is a network mobile positioning system from Ericsson, Sweden. Ericsson Network Location MPS GMPC21 suffers from a command injection vulnerability that arises from the lack of filtering and escaping of SQL statements in the file name query in the export functio...
Ericsson Network Location MPS GMPC21 - Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
Ericsson Network Location MPS GMPC21 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...
CVE-2020-9367
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it...
CVE-2019-18362
JetBrains MPS before 2019.2.2 exposed listening ports to the network...