Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

CVE-2025-8065

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...

CVE-2025-8065

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service DoS...

USN-7648-3: PHP regression

USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...

USN-7648-2 php7.0, php7.2, php7.4 vulnerabilities

USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker...

Linux Distros Unpatched Vulnerability : CVE-2025-6491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML...

OESA-2025-1888 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

USN-7648-1 php8.1, php8.3, php8.4 vulnerabilities

It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...

Journyx 代码问题漏洞

Journyx is a cloud-based time tracking software from Journyx. A code issue vulnerability exists in Journyx version 11.5.4 that stems from an XML body that allows SOAP requests to contain references to external entities, which could allow an unauthenticated attacker to read local files, perform...

CVE-2023-44407

D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

FujiFilm printer credentials encryption issue fixed

TL;DR Many multi-function printers made by FujiFilm Business Innovation Corporation Fujifilm which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation Xerox which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials o...

USN-5006-1 php7.2, php7.4 vulnerabilities

It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-7068 It wa...

Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

require 'msf/core' class MetasploitModule 'Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064', 'Description' = %q Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer'...

CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure (CVE-2011-1655)

An information disclosure vulnerability has been reported in CA Total Defense Suite. The vulnerability is due to insufficient access control when handling requests to the getDBConfigSettings web method. A remote attacker may exploit this vulnerability by sending a specially crafted SOAP xml to th...

HTTP SOAP Verb/Noun Brute Force Scanner

This module attempts to brute force SOAP/XML requests to uncover hidden methods. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SOAP Verb/Noun Brute Force Scanner', 'Description' = %q Thi...

SOAP/XML Plaintext Credentials Disclosure

Binary data 4757.prm...