1453 matches found

Cvelist
added 2024/02/20 6:56 p.m. · 27 views

CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

CVSS 5.3 · AI score 5.3 · EPSS 0.00524
Exploits: 0 · References: 3
Vulnrichment
added 2024/02/20 6:56 p.m. · 12 views

CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

CVSS 5.3 · AI score 6.7 · EPSS 0.00524
Exploits: 0 · References: 3
WPVulnDB
added 2024/02/20 12:00 a.m. · 24 views

WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download

Description: The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire...

CVSS 6.5 · AI score 6.3 · EPSS 0.00644
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/02/20 12:00 a.m. · 6 views

PT-2024-17938 · WordPress · The Rss Aggregator By Feedzy – Feed To Post

Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.2 Description: The issue allows authenticated attackers with Contributor access and above...

CVSS 6.5 · AI score 9.4 · EPSS 0.00518
Exploits: 0 · References: 9
Positive Technologies
added 2024/02/20 12:00 a.m. · 6 views

PT-2024-17942 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings

Name of the Vulnerable Software and Affected Versions: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4 Description: The issue allows unauthorized modification of data due to a missing capability check on...

CVSS 5.3 · AI score 6.1 · EPSS 0.00524
Exploits: 0 · References: 7
Patchstack
added 2024/02/14 12:00 a.m. · 10 views

WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure

Software: WP Setup Wizard; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-25917; Patch priority: High; CVSS severity: High 8.8; PSID: 5a05aed5e6cb; Credits: Dave Jong Patchstack...

CVSS 8.8 · AI score 6.5 · EPSS 0.00644
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/02/12 12:00 a.m. · 4 views

PT-2024-20902 · Motorola · Motorola Cx2L Router

Name of the Vulnerable Software and Affected Versions: Motorola CX2L Router firmware version 1.0.1 Description: A hidden interface in the firmware leaks information regarding the SystemWizardStatus component when a crafted request is sent to the device's web IP. Recommendations: For Motorola CX2L...

CVSS 5.3 · AI score 7.1 · EPSS 0.00377
Exploits: 0 · References: 6
vulnersOsv
added 2024/02/07 6:23 p.m. · 5 views

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +10 more potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=2.0.0 <=5.1.10)

org.graylog2:graylog2-server MAVEN version =2.0.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.1.2, =2.2.0-alpha.1 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...

CVSS 8.8 · AI score 7.2 · EPSS 0.34498
Exploits: 2
IBM Security Bulletins
added 2024/01/29 7:12 p.m. · 23 views

Security Bulletin: Flexera InstallShield has a security vulnerability that affects Content Manager Enterprise Edition Client for Windows (CVE-2016-2542)

Summary Flexera InstallShield has a security vulnerability that could be exploited in Content Manager Enterprise Edition V8.4.3 Client for Windows. The Content Manager Enterprise Edition V8.4.3 base and fixpack utilizes the Flexera InstallShield. Vulnerability Details CVEID: CVE-2016-2542...

CVSS 7.8 · AI score 7.7 · EPSS 0.00503
Exploits: 0 · Affected Software: 1
Prion
added 2024/01/11 6:15 p.m. · 20 views

Design/Logic Flaw

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has be...

CVSS 5 · AI score 7.3 · EPSS 0.0132
Exploits: 1 · References: 4 · Affected Software: 1
CVE
added 2024/01/11 6:00 p.m. · 47 views

CVE-2024-0418

CVE-2024-0418 affects iSharer and upRedSun File Sharing Wizard up to v1.5.0, with the vulnerable element identified as the GET Request Handler. The available descriptions state that remote manipulation can cause a denial of service and that the exploit has been disclosed publicly. The records do ...

CVSS 7.5 · AI score 7.6 · EPSS 0.0132
Exploits: 1 · References: 4 · Affected Software: 1
CNNVD
added 2024/01/11 12:00 a.m. · 3 views

File Sharing Wizard security vulnerability

File Sharing Wizard is a file sharing and transfer software package. A security vulnerability exists in File Sharing Wizard version 1.5.0, which is a denial of service due to unknown code in the component HTTP POST Request Handler...

CVSS 7.5 · AI score 6.9 · EPSS 0.01142
Exploits: 1 · References: 5
CNNVD
added 2024/01/11 12:00 a.m. · 4 views

File Sharing Wizard security vulnerability

File Sharing Wizard is a file sharing and transfer software package. A security vulnerability exists in File Sharing Wizard version 1.5.0, which results in a denial of service due to unknown code in the component GET Request Handler...

CVSS 7.5 · AI score 6.9 · EPSS 0.0132
Exploits: 1 · References: 5
0day.today
added 2024/01/08 12:00 a.m. · 276 views

File Sharing Wizard 1.5.0 Denial Of Service Exploit

!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/01/07 12:00 a.m. · 270 views

File Sharing Wizard 1.5.0 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...

AI score 7.4
Exploits: 0
Positive Technologies
added 2023/12/22 12:00 a.m. · 4 views

PT-2023-31737 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution. This is possible through the merge parameter of the "setRptWizardCfg" interface in the "cstecgi.cgi" endpoint...

CVSS 9.8 · AI score 9.5 · EPSS 0.0097
Exploits: 1 · References: 2
VulnCheck KEV
added 2023/11/20 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2020-28185

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...

CVSS 5.3 · AI score 6.1 · EPSS 0.18066
Exploits: 1 · References: 1
BDU FSTEC
added 2023/11/03 12:00 a.m. · 10 views

The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 Wi-Fi Router DIR-605L wireless access point software allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 Wi-Fi Router DIR-605L wireless access point lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions or execute...

CVSS 9 · AI score 8.2 · EPSS 0.01192
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2023/10/30 6:15 p.m. · 20 views

CVE-2023-21397

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 7.8 · EPSS 0.001
Exploits: 0 · References: 1
OSV
added 2023/10/30 6:15 p.m. · 3 views

CVE-2023-21397

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 5.9 · EPSS 0.001
Exploits: 0 · References: 1