71 matches found
CVE-2023-45317
CVE-2023-45317 concerns Sielco Radio Link and Analog FM Transmitters. The issue is a Cross-Site Request Forgery where HTTP requests may be accepted without proper validation, potentially allowing an authenticated user to perform administrative actions by visiting a malicious site. The affected pr...
GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services AWS, Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by...
Incorrect Key Verification
in-toto is vulnerable to Incorrect Key Verification. The vulnerability exists because GnuPG is not invoked during key verification when specifying the PGP key via its ID, which allows an attacker to bypass validity checks inside GnuPG. For example, because in-toto does not properly use GnuPG, a P...
SUSE CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
SUSE CVE-2019-6475
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...
Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage.
Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. We can see how priceDeviation is calculated and compared to...
WordPress Welcart eCommerce directory traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...
GSD-2022-1006264 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...
GSD-2022-1005897 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GSD-2022-1005663 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005331 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
D-LINK DIR-825 AC1200 R2 Directory Traversal Vulnerability
The D-LINK DIR-825 AC1200 R2 is a router from China-based AUO D-LINK. The D-LINK DIR-825 AC1200 R2 suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths when processing directory requests, which can be exploited by an attacker to access the entire...
RARLAB UnRAR Directory Traversal Vulnerability
UnRAR is a command that decompresses files with an rar suffix.RARLAB A directory traversal vulnerability exists in versions of UnRAR prior to 6.12. The vulnerability stems from a lack of validity checks on paths when processing directory requests, and can be exploited by attackers to write files...
CVE-2021-29239
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity...
bloofoxCMS 0.5.2.1 - CSRF (Add user)
Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL:...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com CVE: CVE-2019-12624 Description : The applicatio...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) Vulnerability
Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient...
Teradek Slice 7.3.15 Change Password Cross Site Request Forgery
...