1453 matches found
CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web
An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE Manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...
The vulnerability of TOTOLINK A3300R router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to bypass security restrictions and change Wi-Fi passwords.
The vulnerability of TOTOLINK A3300R router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and change the Wi-Fi password by resetting it on the /wizard.html or...
SUSE CVE-2024-49502
An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
openSUSE 15 Security Update : kmail-account-wizard (openSUSE-SU-2024:0353-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0353-1 advisory. - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files boo1232454, kde487882 Tenable has extracted the precedi...
OPENSUSE-SU-2024:0353-1 Security update for kmail-account-wizard
This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files boo1232454, kde487882...
Security update for kmail-account-wizard (moderate)
openSUSE Security Update: Security update for kmail-account-wizard Announcement ID: openSUSE-SU-2024:0353-1 Rating: moderate References: 1232454 Cross-References: CVE-2024-50624 Affected Products: openSUSE Backports SLE-15-SP5 openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability i...
CVE-2024-50624
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...
DEBIAN-CVE-2024-50624
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...
CVE-2020-36837
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there ...
CVE-2020-36837 ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there ...
All Hosts missing from PVS Desktop Wizard
When trying to create a catalog using the PVS Desktop Wizard, the host list may be empty even though the Delivery Controller you are connecting to had Hosts configured. You may also not see the option to add hosts in the PVS console...
VulnCheck KEV: CVE-2020-36837
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if...
CVE-2024-9564
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The...
D-Link DIR-605L security vulnerability
The D-Link DIR-605L is the first cloud router from AUO, aimed at home and small office network environments. The D-Link DIR-605L suffers from a buffer overflow vulnerability that originates from the function formWlanWizardSetup in the file /goform/formWlanWizardSetup. An attacker can exploit this...
D-Link DIR-605L security vulnerability
The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the webpage parameter of the formWlanSetupWizard function in the /goform/formWlanSetupWizard page that fails to correctly validate the length of the...
CVE-2024-9556
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. T...