234 matches found
WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions = 2.36.1.1...
WordPress plugin ThemeREX Addons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...
CVE-2001-1520
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant PDA via Rextools, and capturing the cleartext PIN...
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...
CVE-2024-13448
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
WordPress plugin ThemeREX Addons 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModule 'LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator', 'Description' = 'Generates a Maliciou...
Native DNS Spoofer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Native DNS Spoofer Example', 'Description' = %q This module provides a Rex based DNS service to resolve queries intercepted via the capture mixin...
LG Simple Editor Remote Code Execution Exploit
This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...
CVE-2023-34412
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...
CVE-2023-34412
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...
Code injection
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...
CVE-2023-34412 Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...
CVE-2023-34412
CVE-2023-34412 affects Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200/250 devices with firmware
Helmholz REX 跨站脚本漏洞
Helmholz REX is a series of routers from Helmholz. A cross-site scripting vulnerability exists in the Helmholz REX 200 and REX 250, which stems from the ability to store an arbitrary JavaScript load on the device's diagnostic page...
PT-2023-24863 · Helmholz +1 · Rex 250 +2
Name of the Vulnerable Software and Affected Versions: Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 Description: A vulnerability in the affected devices allows an authenticated remote attacker to inject malicious HTML or JavaScript code...
CVE-2021-22283
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...
PT-2022-6575 · NetGear · Netgear Rax30
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: The issue is related to the handling of JSON data and results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based...
CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...
CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...