43 matches found
CVE-2026-23833
A flaw was found in ESPHome. An integer overflow vulnerability exists in the API component's protobuf decoder. A remote attacker can exploit this by sending a specially crafted, large fieldlength value, which bypasses a bounds check. This can lead to a denial-of-service DoS condition, causing the...
CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key vulnerability
Authentication Bypass Due to Insufficiently Unique Key vulnerability discovered by Thanh Nam Tran in WordPress Plugin WPC Shop as a Customer for WooCommerce versions = 1.2.8...
HMS Networks HMS Cosy+ 安全漏洞
HMS Networks HMS Cosy+ is an application for industrial remote access from HMS Networks, Sweden. A security vulnerability exists in HMS Networks HMS Cosy+ that stems from the use of a unique key to encrypt configuration parameters...
GHSA-R82W-3PHG-QVR4 Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
Moodle vulnerability CVE-2024-38277 concerns the QR login key and the auto-login key: a single key must not be reused between them. Connected docs (BIT-MOODLE-2024-38277) describe this exact issue, but do not provide concrete fix/version details. The impact/mitigation specifics are not fully disc...
PT-2024-27916 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...
Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit
No description provided by source. !-- Particle Blogger All Version Post.PHP PostID Remote SQL Injection Exploit Type : SQL Injection Release Date : 2007-03-16 Product / Vendor : Particle Soft http://blogger.particlesoft.net/ Bug : http://localhost/script/post.php?postid=-SQL Inj- Particle Blogge...
Winamp <= 5.3 (WMV File) Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl --------------------------------- Winamp = WMV 5.3 Buffer Overflow DOS Exploit 0-DAY --------------------------------- Type : Buffer Overflow - DOS Release Date : 2007-04-16 Product / Vendor : Winamp Media Player http://www.winamp.com/ Exploit :...
MS Internet Explorer 7 Denial Of Service Exploit
!-- MS Internet Explorer 7 Denial Of Service Exploit Type : Denial Of Service Release Date : 2007-09-29 Product / Vendor : Microsoft http://www.Microsoft.com MS Internet Explorer 7 Denial Of Service Exploit : -- titleMS Internet Explorer 7 Denial Of Service Exploit/title body bgcolor="000000" br ...
Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service
!-- Wserve HTTP Server 4.6 Version Long Directory Name Buffer Overflow - Denial Of Service Type : Buffer Overflow - Denial of Service Release Date : 2007-04-05 Product / Vendor : Wserve HTTP Server http://sourceforge.net/projects/whttp -- GET / HTTP/1.0rn /127.0.0.1:80/AAAAAA2000. !-- Error :...
Wserve HTTP Server 4.6 - Long Directory Name Denial of Service
Wserve HTTP Server 4.6 - Long Directory Name Denial of Service !perl Wserve HTTP Server 4.6 Version Long Directory Name Buffer Overflow - Denial Of Service Type : Buffer Overflow - Denial of Service Release Date : 2007-04-05 Product / Vendor : Wserve HTTP Server...
Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit
Exploit for unknown platform in category dos / poc ====================================================================== Wserve HTTP Server 4.6 Long Directory Name Denial of Service Exploit ====================================================================== !perl Wserve HTTP Server 4.6 Versio...
Wserve HTTP Server 4.6 - Long Directory Name Denial of Service
!perl Wserve HTTP Server 4.6 Version Long Directory Name Buffer Overflow - Denial Of Service Type : Buffer Overflow - Denial of Service Release Date : 2007-04-05 Product / Vendor : Wserve HTTP Server http://sourceforge.net/projects/whttp PoC : GET / HTTP/1.0\r\n /127.0.0.1:80/AAAAAA2000. Error :...
phpfusion2-sql.txt
!/usr/bin/perl -w PHP-Fusion 'CalendarPanel' Module showevent.PHP mmonth SQL Injection Exploit And PoC Type : SQL Injection Release Date : 2007-03-31 Product : http://php-fusion.co.uk/ Bug : http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0 PoC :...
xoops-blind.txt
Xoops All Version -Articles- Print.PHP ID Blind SQL Injection Exploit And PoC Type : SQL Injection Release Date : 2007-03-26 Product / Vendor : Xoops Portal http://www.Xoops.Org Bug : http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0 PoC :...
Xoops module Articles <= 1.02 (print.php id) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Xoops All Version -Articles- Print.PHP ID Blind SQL Injection Exploit And PoC Type : SQL Injection Release Date : 2007-03-26 Product / Vendor : http://support.sirium.net/ Bug : http://localhost/script/modules/articles/print.php?id=x AND 1=1 or...