CVE-2023-24346
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wanconnected parameter at /goform/formEasySetupWizard3...
CVE-2023-24344
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup...
How to Configure GSLB Setup for Internal Users From GUI
This article contains information about how to configure a GSLB setup for internal users using the same host name. In some scenarios, the administrator requires that all external users coming through the Internet must go through the Citrix Gateway using a public or external IP Address, whereas al...
CVE-2023-23944
Nextcloud Mail is an email app for the Nextcloud home server platform. In versions prior to 2.2.2, users' passwords were stored in cleartext in the database for the duration of the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...
Design/Logic Flaw
Nextcloud Mail is an email app for the Nextcloud home server platform. In versions prior to 2.2.2, users' passwords were stored in cleartext in the database for the duration of the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...
CVE-2023-23944 Nextcloud Mail app temporarily stores cleartext password in database
Nextcloud Mail is an email app for the Nextcloud home server platform. In versions prior to 2.2.2, users' passwords were stored in cleartext in the database for the duration of the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...
Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite
CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...
Nextcloud Security Vulnerability
An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...
Arigato Autoresponder and Newsletter < 2.7.1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CC Custom Taxonomy <= 1.0.1 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Command Injection
nemo-appium is vulnerable to Command Injection. The vulnerability exists due to improper input sanitization in the module.exports.setup function of index.js, allowing an attacker to inject and execute malicious commands. To successfully exploit this vulnerability, appium-running 0.1.3 must be...
Pinpoint Booking System < 2.9.9.2.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
VulnCheck KEV: CVE-2018-17207
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...
CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
PT-2023-12661 · Unknown · Appium-Running +1
Name of the Vulnerable Software and Affected Versions: nemo-appium versions prior to 0.0.9 Description: The issue arises from improper input sanitization in the module.exports.setup function, leading to Command Injection. To exploit this, appium-running 0.1.3 must be installed as one of...
Malicious code in wrf-grid-setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaf07ec4e4422ea585def46dd4f2468efa7d305b876e927ecdfa67cb4d1258f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview wrf-grid-setup is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...