D-Link DIR-619L B1 Buffer Overflow Vulnerability

The DIR-619L B1 is a home network router that provides high-speed Wi-Fi connectivity, is easy to set up and has multiple ports. A buffer overflow vulnerability exists in the D-Link DIR-619L B1. An attacker could use this vulnerability to modify the state of the program, such as by overwriting the...

server crash by zip bomb

This report is not public...

WordPress JiangQie Free Mini Program Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software JiangQie Free Mini Program Type Plugin Vulnerable versions = 2.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49314 Patch priority High CVSS severity High 10 Developer Claim ownership PSID be9e9805193d Credits stealthcopter Required privileg...

PT-2025-2775

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace in the Linux kernel. This issue arises because the tail call cnt in entry...

braces: fails to limit the number of characters it can handle

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

Exploit for Code Injection in Geoserver

CVE-2024-36401 This is a program for checking vulnerabilities...

CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

CVE-2024-46215

KM08-708H-v1.1 contains a buffer overflow in the /usr/sbin/goahead binary, caused by unsafe use of strcpy in the sub_445BDC() function. This vulnerability is documented across multiple feeds (NVD/Red Hat/CVE records) and affects the KM08-708H device. Exploitation details are not provided in these...

CVE-2024-46215

A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub445BDC function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow...

CVE-2024-9487 An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be...

Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt , running from now through November 11th, 2024! What's Happening During This Cybersecurity Month Spooktacular Haunt? In celebration o...

PT-2024-6925 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Winlogon program of Windows operating systems. It allows an attacker to elevate their privileges. Recommendations: At the moment,...

CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

CVE-2024-41988

CVE-2024-41988 affects TEM Opera Plus FM Family Transmitter (affected version: 35.45). An unprotected endpoint allows MPFS File System binary image upload without authentication, affecting the HTTP2 web server module and SNMP module (and shared storage access). This can be exploited to overwrite ...

TEM Opera Plus FM Family Transmitter 访问控制错误漏洞

The TEM Opera Plus FM Family Transmitter is a frequency modulation FM transmitter device from TEM. An access control error vulnerability exists in TEM Opera Plus FM Family Transmitter version 35.45, which arises from allowing access to an unprotected endpoint that can upload a binary image of the...

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five...

ROS-20241001-09

A vulnerability in the curl program is related to improper certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of the system...

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...