6 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-13690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions (CVE-2017-13690). Note that Nessus relies on the presence of...
CVE-2020-2739
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Meta Data and Taxonomies Filter MDTF; Type: Plugin; Vulnerable versions: <= 1.3.3.4; Fixed in: 1.3.3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-50451; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0f23dd4816a6; Credits...
Cab fare calculator < 1.0.4 - Unauthenticated LFI
The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...
FineCMS front Desk unlimited getshell
No description provided by source...
Slack: Snooping into messages via email service
@uranium238 discovered a vulnerability with a 3rd party email integration provider which would allow messages in Slack email integrations to be leaked. We worked with the 3rd party to get this issue resolved, and performed a thorough investigation to confirm that this had never been exploited...