13 matches found
Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
Constellation allows Emergency shell access during initramfs boot phase
Impact: An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches: The issue has been patched in v2.6.0. Workarounds: none...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
Sql injection
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
OIC Exponent CMS SQL injection vulnerability
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. An SQL injection vulnerability exists in OIC Exponent CMS...
GHSA-G34C-MG6M-XVXJ Cobbler subject to Command Injection
A Command Injection in actionpower.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the powersystem method in the xmlrpc API...
CVE-2021-3861
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj...
Heap overflow
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj...
CVE-2021-3861
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj...
CVE-2021-3861
The vulnerability CVE-2021-3861 affects Zephyr’s RNDIS USB device class. The issue is a Heap-based Buffer Overflow (CWE-122) in Zephyr versions >= 2.6.0, caused by improper memory boundary handling in the RNDIS USB class. Impact is high for confidentiality, integrity, and availability per the ...
CVE-2021-3861 The RNDIS USB device class includes a buffer overflow vulnerability
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj...
Denial of Service Vulnerability in S7 300 Communication Card CP343-1
Siemens PLC CP 343-1 Model 6GK7 343-1EX30-0XE0 Firmware is the communication processor. A denial of service vulnerability exists in Siemens PLC CP 343-1 model 6GK7 343-1EX30-0XE0 firmware version V2.6.0. An attacker can cause the PLC to refuse to reply to a new COTP request from the client,...
OneOrZero AIms 2.6.0 Members Edition - Multiple Vulnerabilities
0x1 General Information: Advisory/Exploit Title = OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities; Author = Valentin Hoebel; Contact = [email protected]. 0x2...