18 matches found
EUVD-2004-2669
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-52783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer. When the device uses a custom subsystem...
CVE-2024-6666
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendor_id' and 'status' parameters in all versions up to, and including, 1.13.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2024-6666
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendor_id' and 'status' parameters in all versions up to, and including, 1.13.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2024-6666 WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendor_id' and 'status' parameters in all versions up to, and including, 1.13.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id vulnerability
Authenticated (Accounting Manager+) SQL Injection via vendor_id vulnerability discovered by Edwin Siebel (edwinsiebel) in WordPress Plugin WP ERP versions <= 1.13.0...
PT-2024-37787 · WordPress · Wp Erp
Name of the Vulnerable Software and Affected Versions: WP ERP plugin for WordPress versions up to, and including, 1.13.0 Description: The issue is related to SQL Injection via the vendor id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on...
Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...
SUSE CVE-2023-52783
In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer. When the device uses a custom subsystem vendor ID, the function wx_sw_init returns before the memory of 'wx->mac_table' is allocated. The null pointer will cause the kernel panic...
UBUNTU-CVE-2023-52783
In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer. When the device uses a custom subsystem vendor ID, the function wx_sw_init returns before the memory of 'wx->mac_table' is allocated. The null pointer will cause the kernel panic...
CVE-2023-52783 net: wangxun: fix kernel panic due to null pointer
In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer. When the device uses a custom subsystem vendor ID, the function wx_sw_init returns before the memory of 'wx->mac_table' is allocated. The null pointer will cause the kernel panic...
Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IKEEXT service, which listens on UDP ports 500 and 4500. A crafted...
ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)
Discover and fingerprint IKE hosts (IPsec VPN Servers). Building and Installing: ike-scan uses the standard GNU autoconf and automake tools, so installation is the normal process: Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code. Run cd ike-scan to enter source...
CVE-2017-3130
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows an attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets...
[USBLogView] Records the details of any USB device that is plugged or unplugged into your system
USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system. For every log line created by USBLogView, the following information is displayed: Event Type (Plug/Unplug), Event Time, Device Name, Description, Device...
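SmarterMail Email Body HTML Injection Vulnerability
Bugtraq ID: 64970 SmarterMail is a mail server program. SmarterMail does not properly filter email body data, allowing remote attackers to exploit the vulnerability to craft malicious emails and lure users into opening them; when the malicious data is viewed, sensitive information can be obtained or the user's session hijacked. 0 SmarterMail 11.x No detailed solution is currently available: http://www.smartertools.com/smartermail/mail-server-software.aspx ?php / Exploit Title: SmarterMail Enterprise and Standard =11.x Stored XSS Google...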
SuSE 11.2 Security Update : freeradius (SAT Patch Number 7255)
This update for freeradius-server provides the following fixes and improvements : - Increase the vendor IDs limit from 32767 to 65535. bnc791666 - Fix issues with escaping special characters in password. bnc797515 - Respect expired passwords and accounts when using the unix module. bnc797313,...
Design/Logic Flaw
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices...