Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from a double release issue in the scmidebugfscommonsetup function...

The vulnerability of the hci_enhanced_setup_sync() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the hcienhancedsetupsync function in the net/bluetooth/hciconn.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

CVE-2024-9883 Pods < 3.2.7.1 - Admin+ Stored XSS

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the implementation of session setup an...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption during the initialization of the GNSS HAL process...

Exploit for CVE-2024-9926

wordpress-jetpack-broken-access-control-exploit This is a Pyt...

CVE-2024-51259

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setupcacertificate function...

Security update for 389-ds

This update for 389-ds fixes the following issues: Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 Re-enable use of .dsrc basedn for dsidm commands bsc1231462 Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...

The vulnerability of the formEasySetupWWConfig function (/goform/formEasySetupWWConfig) in D-Link DIR-605L router software allows a hacker to execute arbitrary code.

The vulnerability of the formEasySetupWWConfig function /goform/formEasySetupWWConfig in D-Link DIR-605L router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high-performance router for enterprise networks from China DrayTek DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the...

PT-2024-34581 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into "mainfunction.cgi" and execute arbitrary commands by calling the setup cacertificate function. This enables attackers to potentially...

Exploit for Injection in Oracle Agile_Plm

针对 loj4j2 CVE-2021-44228 漏洞的研究 实验平台 - VirtualBox 7.0.12 r159484 Qt5.15.2 - Attacker kali - 网络地址转换（NAT） - host-only 网络 192.168.56.101 - Victim kali 2023.3 - 网络地址转换（NAT） - host-only 网络 192.168.56.112 实验任务 - - x 搭建实验平台 - - x 漏洞存在性验证 以 loj4j2 CVE-2021-44228 为例 - - x 漏洞可利用验证 以 loj4j2 CVE-2021-44228 为例...

UBUNTU-CVE-2024-50081

In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue -tagset before initializing hctx Commit 7b815817aa58 "blk-mq: add helper for checking if one CPU is mapped to specified hctx" needs to check queue mapping via tag set in hctx's cpuhp handler. However, q-tagset...

CVE-2024-50086 ksmbd: fix user-after-free from session log off

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add sessionlock when setting SMB2SESSIONEXPIRED and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition during the handling of smb2 session logout and setup, which could lead to memory reuse afte...

The vulnerability of the formWlanSetup function (/goform/formWlanSetup) in D-Link DIR-605L router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formWlanSetup function /goform/formWlanSetup in D-Link DIR-605L router software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of...

SUSE CVE-2024-49864

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpcopensocket, it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in...

CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

Exploit for CVE-2024-9926

wordpress-jetpack-broken-access-control-vulnerable-application...

Exploit for Cross-site Scripting in Netgate Pfsense

This post is a research article published by EQSTLabhttps://g...