13 matches found
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via a misconfigured CORS policy that reflects arbitrary origins and allows credentials. An attacker can gain unauthorized access to sensitive data and perform actions on behalf of...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
Linux Distros Unpatched Vulnerability : CVE-2024-0564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version...
SUSE CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
DEBIAN-CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...
UBUNTU-CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...
SUSE CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...
CVE-2023-48483
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
DEBIAN-CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...
DEBIAN-CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
UBUNTU-CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...
PT-2022-6478 · Zabbix +2 · Zabbix +2
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with a reflected XSS payload for actions' pages and send i...
Great Shop Creator SQL Injection
--------------------------------------------------------- Portal Name: Great Shop Creator Vendor: http://www.etoshop.com Author : PouyaServer , [email protected] Website: http://Pouya-Server.ir Vulnerability : Auth Bypass SQL Injection Vulnerability...