175 matches found
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
CVE-2024-25331
DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution RCE vulnerability elevated from HNAP Stack-Based Buffer Overflow...
CVE-2024-23174
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...
GHSA-J9RC-W3WV-FV62 XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Impact XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name ...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
Maltrail v0.53 RCE PoC for Maltrail v0.53 RCE I could not get...
D-Link GO-RT-AC750 操作系统命令注入漏洞
The D-Link GO-RT-AC750 is a wireless dual-band simple router from China AUO D-Link. A security vulnerability exists in the D-Link GO-RT-AC750 revAv101b03 version, which originates from the parameter service of genacgimain containing command injection...
What are the impacts of FedRAMP® Rev. 5?
The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers CSPs who have achieved authorization to operate ATO and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...
rev-vacances.fr Cross Site Scripting vulnerability OBB-3392289
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Open-Xchange OX App Suite 代码问题漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability previously existed in Open-Xchange OX App Suite version 7.10.6-rev30, which stemmed from the presence of server-side request forgery...
Kardex Mlog MCC 5.7.12 Remote Code Execution
!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...
D-Link DIR-882 Rev. A <= 1.30B06 Multiple Vulnerabilities
D-Link DIR-882 Rev. A devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
D-Link DIR-825 Rev B <= 2.10b02 NULL Pointer Dereference Vulnerability
D-Link DIR-825 Rev. B devices are prone to a NULL pointer dereference vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
HPESBNW04308 rev.5 - Aruba Products, Multiple Vulnerabilities
Potential Security Impact: Remote: Arbitrary Code Execution, Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba AirWave Management Platform 8.2.14.0 and below Aruba LIC-ALE-1 Analytics and Location Engine 1 AP License E-LTU 2.2.0.2 and below Aruba Fabric...
CVE-2021-43474
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 Lastest via any parameter in the HNAP1 function...
CVE-2020-36056
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting XSS vulnerability via the Ping diagnostic option...
CVE-2021-28094
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...
SUSE: Security Advisory (SUSE-SU-2021:2555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...
Advisory ROSA-SA-2021-1948
Software: pcsc-lite 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2016-10109 CVE-Crit: HIGH CVE-DESC: Post-release exploitation vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service failure with a command that uses "cardList" after the descriptor has been released using...
Advisory ROSA-SA-2021-1867
Software: libebml 1.3.9 OS: Cobalt 7.9 CVE-ID: CVE-2021-3405 CVE-Crit: MEDIUM CVE-DESC: A bug was found in libebml before version 1.4.2. A heap overflow bug exists in the EbmlString :: ReadData and EbmlUnicodeString :: ReadData implementations of libebml. CVE-STATUS: default CVE-REV: default...