CVE-2020-25868

CVE-2020-25868 affects Pexip Infinity 22.x through 24.x before 24.2, with an improper input validation flaw in call setup. An unauthenticated remote attacker can trigger a software abort, causing temporary service disruption. Public references in the provided documents confirm the impact and affe...

The vulnerability of the PDFDoc::setup function in the PDFDoc.cc component of the Poppler PDF rendering library, related to a lack of input validation mechanism, allows attackers to cause service failures.

The vulnerability of the PDFDoc::setup function in the PDFDoc.cc component of the Poppler PDF rendering library leads to the return of an incorrect value. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created PDF file...

TiEtwAgent - PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes

This project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent utilizes Microsoft-Windows-Threat-Intelligence event tracing provider, as a more modern and stable alternative to Userland-hooking, with the benefit of Kernel-mode...

PT-2021-10662 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.13 Description: The issue allows for Code Injection via the "/phpwcms/setup/setup.php" API endpoint. Recommendations: For phpwcms version 1.9.13, at the moment, there is no information about a newer version that contains a...

CVE-2020-18659

Cross Site Scripting vulnerability in GetSimpleCMS =3.3.15 via the 1 sitename, 2 username, and 3 email parameters to /admin/setup.php...

Enable RSA SecurID Authentication for DFA in Storefront

How to Enable RSA SecurID Authentication for DFA in storefront server...

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

defenselessV1 - Just Another Vulnerable Web Application

Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with with more bugs and a new vulnerable...

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28（不含） - 2.2 到 2.2.10（不含） - 3.0 到 3.0.3（不含） 下载使用前需要如下操作： 1. 安装 django 漏洞版本，我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...

SUSE: Security Advisory (SUSE-SU-2019:0137-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

The vulnerability of the smtp_setup_msg() function in the Exim message forwarding agent, related to reading beyond the buffer in memory, allows an attacker to access confidential information.

The vulnerability of the smtpsetupmsg function in the Exim message forwarding agent is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information by sending a specially crafted message to t...

CMS Made Simple 跨站脚本漏洞

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

Fastspot BigTree 操作系统命令注入漏洞

BigTree CMS is an open source content management system based on PHP and MySQL. A remote code execution vulnerability exists in BigTree CMS 4.4.10 and earlier versions. The vulnerability can be exploited to execute arbitrary commands by sending a specially crafted request to the server via the...

Schneider Electric spaceLYnk和homeLYnk 信息泄露漏洞

Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. Schneider Electric homeLYnk and spaceLYnk are vulnerable to an information disclosure vulnerability that could result in the program being corrupted...

PT-2024-11206 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, where a vulnerability has been resolved by adding error handling in the sja1105 setup function. If any of the sja1105 static config load,...

PT-2022-1369 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free flaw was found in the Linux kernel’s io uring subsystem, allowing a local user to crash or escalate their privileges on the system. This issue is related to the way a...

hostapd: UPnP SUBSCRIBE misbehavior in WPS AP

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

ALBA-2021:1864 initial-setup bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...