CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download
Description: The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire...
PT-2024-17938 · WordPress · The Rss Aggregator By Feedzy – Feed To Post
Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.2 Description: The issue allows authenticated attackers with Contributor access and above...
PT-2024-17942 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings
Name of the Vulnerable Software and Affected Versions: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4 Description: The issue allows unauthorized modification of data due to a missing capability check on...
WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure
Software: WP Setup Wizard; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-25917; Patch priority: High; CVSS severity: High (8.8); PSID: 5a05aed5e6cb; Credits: Dave Jong Patchstack...
PT-2024-20902 · Motorola · Motorola Cx2L Router
Name of the Vulnerable Software and Affected Versions: Motorola CX2L Router firmware version 1.0.1 Description: A hidden interface in the firmware leaks information regarding the SystemWizardStatus component via sending a crafted request to the device web ip. Recommendations: For Motorola CX2L...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +10 more potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=2.0.0 <=5.1.10)
org.graylog2:graylog2-server MAVEN version =2.0.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.1.2, =2.2.0-alpha.1 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
Security Bulletin: Flexera InstallShield has a security vulnerability that affects Content Manager Enterprise Edition Client for Windows (CVE-2016-2542)
Summary: Flexera InstallShield has a security vulnerability that could be exploited in Content Manager Enterprise Edition V8.4.3 Client for Windows. The Content Manager Enterprise Edition V8.4.3 base and fixpack utilize the Flexera InstallShield. Vulnerability Details: CVEID: CVE-2016-2542...
Design/Logic Flaw
A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has be...
CVE-2024-0418
CVE-2024-0418 affects iSharer and upRedSun File Sharing Wizard up to v1.5.0, with the vulnerable element identified as the GET Request Handler. The available descriptions state that remote manipulation can cause a denial of service and that the exploit has been disclosed publicly. The records do ...
File Sharing Wizard security vulnerability
File Sharing Wizard is a file sharing and transfer software package. A security vulnerability exists in File Sharing Wizard version 1.5.0, which is a denial of service due to unknown code in the component HTTP POST Request Handler...
File Sharing Wizard security vulnerability
File Sharing Wizard is a file sharing and transfer software package. A security vulnerability exists in File Sharing Wizard version 1.5.0, which results in a denial of service due to unknown code in the component GET Request Handler...
File Sharing Wizard 1.5.0 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...
File Sharing Wizard 1.5.0 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...
PT-2023-31737 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution. This is possible through the merge parameter of the "setRptWizardCfg" interface in the "cstecgi.cgi" endpoint...
VulnCheck KEV: CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...
The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 Wi-Fi Router DIR-605L wireless access point software allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 Wi-Fi Router DIR-605L wireless access point lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions or execute...
CVE-2023-21397
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...