17 matches found
kernel: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect filemapcount for non-leaf pmd/pud The page table check trigger BUGON unexpectedly when collapse hugepage: ------------ cut here ------------ kernel BUG at mm/pagetablecheck.c:82! Internal error: Oops - BUG...
DEBIAN-CVE-2022-48897
In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect filemapcount for invalid pmd The page table check trigger BUGON unexpectedly when split hugepage: ------------ cut here ------------ kernel BUG at mm/pagetablecheck.c:119! Internal error: Oops - BUG:...
CVE-2023-24495
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
Server side request forgery (ssrf)
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
CVE-2023-24495
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
PT-2023-9438 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3+ Description: The issue is related to the arm64/mm component of the Linux kernel, where incorrect handling of memory allocation errors can lead to a denial of service. On arm64, the pmd leaf function...
CVE-2022-32222
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...
RLSA-2022:1820 Low: udisks2 security and bug fix update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks2: insecure defaults in user-accessible mount helpers allow for a DoS CVE-2021-3802 For more details about the security issues, including the impact,...
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation E
Exploit for windows platform in category local exploits Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can...
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
Exploit Title: Single Personal Message 1.0.3 – Plugin WordPress – Sql Injection Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/ Software Link: https://wordpress.org/plugins/simple-personal-message/ Contact:...
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection Exploit Title: Single Personal Message 1.0.3 – Plugin WordPress – Sql Injection Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/ Software Link:...
Centreon 2.6.x < 2.6.2 File Upload RCE
According to its version number, the Centreon application hosted on the remote web server is 2.6.x prior to 2.6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files via the main.php script. An authenticated, remote attacker can...
WordPress Plugin WP EasyCart - Unrestricted Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress WP EasyCart Unrestricted File Upload', 'Description' = %qWordPress Shopping Cart WP EasyCart Plugin for WordPress...
WP Symposium Plugin for WordPress Arbitrary File Upload
Added: 01/29/2015 BID: 71686 OSVDB: 116046 Background WP Symposium is a social network plugin for WordPress. Problem WP Symposium Plugin for WordPress contains a vulnerability that allows a remote attacker to execute arbitrary PHP code. This vulnerability is due to the...
Linux Kernel 2.6.x 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using using it in a user-accessible operation. Successful exploits will allow...
UBUNTU-CVE-2001-1593
Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spyuser. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps...
[Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops
There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on...