87 matches found
CVE-2024-56703
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...
AZL-57615 CVE-2024-56703 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...
CVE-2024-56703 ipv6: Fix soft lockups in fib6_select_path under high next hop churn
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...
CVE-2024-56703
CVE-2024-56703 affects the Linux kernel and describes soft lockups in fib6_select_path under high next-hop churn. The issue occurs when nodes in the multipath fib6_siblings list are concurrently deleted on another core, causing a loop that triggers a watchdog-based panic. The mitigation implement...
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...
CVE-2024-5312
CVE-2024-5312 describes an XSS in PHP Server Monitor 3.2.0. Affected component: the index.php under /vendor/phpmailer/phpmailer/test_script/index.php, where all visible parameters are vulnerable. An attacker can craft a URL that, when visited by a user, could expose the victim’s session details. ...
PT-2024-35585 · Unknown +1 · Php Server Monitor +1
Name of the Vulnerable Software and Affected Versions: PHP Server Monitor version 3.2.0 Description: The issue allows for an XSS attack via the "/phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php" page, where all visible parameters are vulnerable. An attacker can create a...
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...
The vulnerability of the command_test.php script of the Core Config Manager component of the Nagios XI monitoring tool allows a hacker to execute arbitrary code.
The vulnerability of the command_test.php script of the Core Config Manager component of the Nagios XI monitoring tool is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
CVE-2023-3221
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
CVE-2023-3221
CVE-2023-3221 affects Roundcube’s Password Recovery plugin (version 1.2). The vulnerability is a user enumeration flaw in the password recovery function, enabling a remote attacker to enumerate all users in the database. Impact is limited to information disclosure; exploitation status is not prov...
CVE-2023-3221 User enumeration vulnerability in Roundcube Password Recovery Plugin
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
Locking up AURA Token does not increase voting power of individual
Lines of code Vulnerability details Background Per the documentation, AURA tokens can be locked in the AuraLocker to receive vlAURA. vlAURA is voting power in the AURA ecosystem. It is also possible for the users to delegate their voting power to a specific address by calling the...
buffer_overflow
This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...
Open-Xchange: Command Injection via STARTTLS in SMTP
During our research into the security of email servers at Münster University of Applied Sciences, we found a command injection vulnerability related to STARTTLS in Dovecot. See the attached advisory for details. The vulnerability allows a MITM attacker between a mail client and Dovecot to inject...
Exploit for CVE-2020-14882
CVE-2020-14882 Weblogic Unauthorized bypass RCE CVE-2020-14...
Mail.ru: phpinfo
Test script with phpinfo output was available on russianaicup.ru...
Orange Livebox Cross-Site Request Forgery Vulnerability (CNVD-2019-03335)
Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. In Orange Livebox version 00.96.320S Firmware version 00.96.320S, Boot v0.70.03, Modem version 5.4.1.10.1.1A, Hardware version 02 and Arcadyan ARV7519RW22-A-L T VR9 version 1.2 and Arcadyan ARV7519RW22-A-L T VR9 1.2 versions, a...
Mail.ru: ADMIN TEST
Test script on jw-cn-test-1.ext.terrhq.ru could be used to disclose a local database account. Database itself was not accessible...
CVE-2018-11139
The '/common/ajaxemailconnectiontest.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TESTSERVER'...