77 matches found
CVE-2025-21673
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...
CVE-2025-21673
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...
CVE-2025-21673
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...
CVE-2025-21673 smb: client: fix double free of TCP_Server_Info::hostname
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...
lgsl Stored Cross-Site Scripting vulnerability
Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...
Splunk __raw Server Info Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk raw Server Info Disclosure ', 'Description' = %q Splunk 6.2.3 through 7.0.1 allows information disclosure by appending...
PT-2024-26834
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description A potential deadlock in the cifs sync mid result function has been resolved. The issue was spotted by Coverity, which identified a thread deadlock due to lock ordering. The problem occurs when...
Splunk __raw Server Info Disclosure
Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /raw/services/server/info/server-info?outputmode=json to a query. Versisons 6.6.0 through 7.0.1 require authentication. Module Options msf use auxiliary/gather/splunkrawserverinfo msf auxiliarysplunkrawserverinfo show actions...
VulnCheck KEV: CVE-2018-11409
Splunk through 7.0.1 allows information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key...
Code injection
Uncontrolled search path element in some IntelR Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
Information leakage vulnerability in Dahua DSS system
DSS Digital Surveillance System is a digital surveillance management system developed by Zhejiang Dahua Technology Co. There is an information leakage vulnerability in Dahua DSS system, which can be exploited by an attacker to obtain server related information and cause information leakage...
WordPress Server Info Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Server Info Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 548d1464357e Credits Rafie Muhammad Patchstack Required privile...
D-Link DIR-1935 操作系统命令注入漏洞
The D-Link DIR-1935 is a wireless router from China's AUO D-Link. The D-Link DIR-1935 suffers from an operating system command injection vulnerability that originates when parsing sub-elements within a VirtualServerInfo element, where the process does not properly validate before executing a syst...
SUSE CVE-2022-4450
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
WordPress Server Info plugin <= 2.5.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Server Info plugin versions = 2.5.3. Solution No patched version available...
WordPress Server Info plugin <= 2.5.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Server Info plugin versions = 2.5.3. Solution No patched version available...
Siemens Mendix 安全漏洞
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from a program upload operation of an XML file that results in ...
Code injection
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users...
CVE-2020-16997
Remote Desktop Protocol Server Information Disclosure Vulnerability...
CVE-2019-18864
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine...