Medium: unbound

Issue Overview: A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by queryin...

Amazon Linux 2 : unbound (ALAS-2024-2467)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2467 advisory. A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software...

CVE-2024-24926

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-24926 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-24926

CVE-2024-24926 describes a deserialization of untrusted data vulnerability in UnitedThemes Brooklyn Theme (WordPress Brooklyn) up to version 4.9.7.6. The connected documents specify a PHP object injection/deserialization flaw as the root cause and list the affected software as the Brooklyn Theme,...

CVE-2024-24927

CVE-2024-24927 affects UnitedThemes Brooklyn – a WordPress theme – with a Reflected XSS caused by improper input neutralization during web page generation. Affected versions are listed as up to 4.9.7.6 (n/a). Multiple sources corroborate the basic vulnerability description, including Red Hat, NVD...

Information disclosure

A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be...

JTRT Responsive Tables <= 4.1.9 - Cross-Site Request Forgery

Description The JTRT Responsive Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized acti...

Design/Logic Flaw

A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally...

CVE-2024-1190

A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been...

WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software JTRT Responsive Tables Type Plugin Vulnerable versions = 4.1.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24802 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 24c2f706b85d Credits Nguyen Xuan...

CVE-2024-0993

A vulnerability was found in Tenda i6 1.0.0.93857. It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch t...

Path traversal

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function delsndb of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. T...

Command injection

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

Design/Logic Flaw

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...

Out-of-bounds

A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiat...

Sql injection

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/deletewebmail.php. The manipulation of the argument WEBBODYIDSTR leads to sql injection. The exploit has been disclosed to the public and may be...

CVE-2024-0932

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49multiTDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

Stack overflow

A vulnerability has been found in Tenda AC10U 15.03.06.49multiTDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclos...

Command injection

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...