1365 matches found
DRUPAL-CORE-2024-006
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...
CVE-2024-9999
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
CVE-2024-9999
CVE-2024-9999 affects Progress WS_FTP Server prior to version 8.8.9 (2022.0.9). The root cause is an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing bypass of the second-factor verification and login with username and password only. Impact described i...
CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
Progress Software WS_FTP Server Security Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WS_FTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...
CVE-2024-51561
This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process...
PT-2024-34705 · Aero · Aero
Name of the Vulnerable Software and Affected Versions: Aero (affected versions not specified). Description: This issue exists due to improper implementation of the OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this by intercepting and manipulating...
DEBIAN-CVE-2024-49768
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the...
SUSE CVE-2022-48951
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx. The bounds checks in snd_soc_put_volsw_sx are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stere...
DEBIAN-CVE-2022-48951
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx. The bounds checks in snd_soc_put_volsw_sx are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stere...
SUSE CVE-2024-47689
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error. syzbot reports a f2fs bug as below: ------------ cut here ------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: ...
Weird Zimbra Vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit reliably. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to...
PT-2024-30676 · Gotenna · Gotenna Pro Atak Plugin
Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin (affected versions not specified). Description: The goTenna Pro ATAK Plugin has a default setting to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna i...
CVE-2023-28457
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful...
Technitium DNS Server Security Vulnerability
Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 11.0.3 and earlier, which stems from an attacker being able t...
Malicious code in invokehttp (PyPI)
The __init__.py contains a call to execute a Base64-encoded script to download a second stage payload. Source: kam193 e3374942a3d2de4ea1f9444223c351c0ef5356c571a08e8ddb62144f7564def0 In the invokehttp, the __init__.py contains obfuscated code...
CVE-2024-7857
The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
WordPress Media Library Folders plugin <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection vulnerability
Authenticated (Subscriber+) Second-Order SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Media Library Folders versions <= 8.2.2...
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...