
43 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 7 : pacemaker-1.1.13-10.el7 (AXSA:2015-850:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-850:01 advisory. Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with...

CVSS 7.5 | AI score 5.6 | EPSS 0.00714 | Exploits 0 | References 2

Tenable Nessus
added 2025/11/13 12:0 a.m. | 5 views

HP Integrated Lights-Out Improper Input Validation (CVE-2014-7876)

Unspecified vulnerability in HP Integrated Lights-Out iLO firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management CM firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. This plugin only works with...

CVSS 10 | AI score 5.6 | EPSS 0.25213 | Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-6243

Malware in sbrugna...

CVSS 7.6 | AI score 6 | EPSS 0.01608 | Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-22952

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00207 | Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-15700

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.0025 | Exploits 0 | References 4

CVE
added 2025/09/22 12:0 a.m. | 12 views

CVE-2025-57685

The CVE-2025-57685 issue affects LB-Link routers including BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3. According to the provided sources, the vulnerability is an unauthorized command injection via the /goform/set...

CVSS 8.8 | AI score 7.1 | EPSS 0.00314 | Exploits 0 | References 3

Cvelist
added 2025/09/16 10:30 p.m. | 7 views

CVE-2025-37123 Authenticated Command Injection leads to Unauthorized Actions in CLI Interface

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...

CVSS 8.8 | EPSS 0.00326 | Exploits 0 | References 1

RedhatCVE
added 2025/09/03 4:23 p.m. | 1 views

CVE-2025-57799

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVSS 8.7 | AI score 8.1 | EPSS 0.01265 | Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:30 p.m. | 4 views

CVE-2020-35274

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting XSS to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS...

CVSS 4.8 | AI score 5.6 | EPSS 0.00207 | Exploits 1

RedhatCVE
added 2025/05/22 3:30 p.m. | 7 views

CVE-2020-35273

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery CSRF to remotely gain privileges in the User Profile panel. An attacker can update any user's account...

CVSS 8 | AI score 7.2 | EPSS 0.00163 | Exploits 1

RedhatCVE
added 2025/05/22 5:37 a.m. | 2 views

CVE-2010-2944

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges...

CVSS 7.5 | AI score 7.3 | EPSS 0.00539 | Exploits 0 | References 1

OSV
added 2024/09/09 3:15 a.m. | 1 views

CVE-2024-8585

Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files...

CVSS 6.5 | AI score 5.9 | EPSS 0.00091 | Exploits 0 | References 2

OSV
added 2023/04/26 12:15 a.m. | 1 views

CVE-2023-27843

SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component...

CVSS 9.8 | AI score 7.3 | Exploits 0 | References 2

SUSE CVE
added 2023/02/15 6:17 a.m. | 2 views

SUSE CVE-2005-2450

Multiple integer overflows in the 1 TNEF, 2 CHM, or 3 FSG file format processors in libclamav for Clam AntiVirus ClamAV 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message...

CVSS 7.5 | AI score 7.4 | EPSS 0.03642 | Exploits 0 | References 4

SUSE CVE
added 2023/02/15 6:17 a.m. | 2 views

SUSE CVE-2005-3538

hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges...

CVSS 7.5 | AI score 7.4 | EPSS 0.02373 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:54 a.m. | 2 views

SUSE CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...

CVSS 7.5 | AI score 7.9 | EPSS 0.0155 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:50 a.m. | 2 views

SUSE CVE-2011-3655

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site...

CVSS 9.3 | AI score 9.1 | EPSS 0.00939 | Exploits 1 | References 8

OSV
added 2022/10/31 7:15 a.m. | 1 views

CVE-2022-40739

Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS Reflected Cross-Site Scripting attack...

CVSS 5.4 | AI score 5.8 | EPSS 0.00264 | Exploits 0 | References 1

Github Security Blog
added 2022/05/13 1:30 a.m. | 6 views

Jenkins allows Administrators to Access API Tokens

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

CVSS 6.5 | AI score 7 | EPSS 0.00165 | Exploits 0 | References 6 | Affected Software 1

OSV
added 2021/02/05 2:15 p.m. | 1 views

CVE-2020-18713

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php...

CVSS 9.8 | AI score 7.4 | Exploits 0 | References 1