74701 matches found
Online Warehouse Stanislav Savchenko Website OK (No. 3 dated May 6, 2025 at 19:21:06)
...
Online Warehouse Stanislav Savchenko Website OK (No. 2 dated May 6, 2025 at 19:21:06)
...
The vulnerability of the INDIGO testing system lies in the absence of restrictions on authentication attempts. This allows a perpetrator to carry out an attack using brute-force methods—automated password retrieval.
The vulnerability of the INDIGO testing system is related to the absence of restrictions on authentication attempts. Exploiting this vulnerability allows a perpetrator, operating remotely, to carry out an attack using brute-force methods automated password cracking...
The vulnerability of the DIAFAN.CMS content management system lies in insufficient validation of arguments passed in commands, allowing attackers to execute XSS attacks.
The vulnerability of the DIAFAN.CMS content management system is related to insufficient checking of arguments passed in commands. Exploitation may allow a malicious actor, operating remotely, to carry out XSS attacks by injecting specially crafted JavaScript code...
The vulnerability of PARTS SOFT’s CMS, related to discrepancies in responses to incoming requests, allows a hacker to uncover the user’s identifier.
The vulnerability of the PARTS SOFT CMS content management system is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability allows an attacker to disclose the user’s identifier by sending a specially crafted GET request...
Online Warehouse Stanislav Savchenko Website OK (No. 1 dated May 6, 2025 at 19:21:06)
...
Vulnerability eliminated
...
The vulnerability of PARTS SOFT’s CMS, related to insufficient verification of the authenticity of executed requests, allows a hacker to perform a CSRF attack.
The vulnerability of PARTS SOFT’s CMS is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack by sending a specially crafted POST request...
The vulnerability of the Google ChromeOS operating system’s component installation mechanisms allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of the Google ChromeOS operating system’s component installation mechanisms (components/component_updater/component_installer.cc) is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to bypass security restrictions and gain...
The vulnerability of the software client for network access provisioning in SonicWall Connect Tunnel allows a hacker to trigger a service failure.
The vulnerability of the software client for network access provisioning in SonicWall Connect Tunnel is related to improper link resolution before accessing the file. Exploiting this vulnerability can allow a hacker to cause a service failure...
The vulnerability of the Message Stream module of the XWiki Platform, a platform for creating collaborative web applications, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Message Stream module of the XWiki Platform, a platform for creating collaborative web applications, involves the disclosure of information in an unauthorized manner. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...
The vulnerability of the server of the Zabbix universal monitoring system allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Zabbix universal monitoring system relates to the use of uncontrolled format strings in processing HttpRequest objects. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Apache James deployment and corporate email management software lies in its insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the Apache James software for deploying and managing corporate email is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Arrays.equals() method in the Apache Hive database allows an attacker to cause a service failure.
The vulnerability of the Arrays.equals method in the Apache Hive database is related to manipulating unknown inputs, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the D-Link DWR 2000M 5G router’s firmware lies in the lack of measures taken to clean data at the management level, allowing attackers to execute arbitrary code.
The vulnerability of the D-Link DWR 2000M 5G router’s firmware is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure through a specially crafted...
The vulnerability of the Compositing component in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or trigger a service denial.
The vulnerability of the Compositing component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure...
The vulnerability of the Apache James software server for enterprise email deployment and management involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the Apache James software server for deployment and corporate email management is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which are network access control tools, stems from buffer overflow in the stack. This allows a malicious user to trigger a service failure.
The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the snmptrapd daemon in the universal monitoring system Zabbix allows an intruder to replace the user interface.
The vulnerability of the snmptrapd daemon in the Zabbix monitoring system is related to improper processing of output data for registration logs. Exploiting this vulnerability allows a remote attacker to replace the user interface...
The vulnerability of the getpeername() function in the WSGI server for Python Waitress allows an attacker to cause a service failure.
The vulnerability of the getpeername function in the WSGI server for Python Waitress is related to the failure to release resources after their useful period has ended. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the bitmap_ip_uadt() function in the Google ChromeOS operating system allows a hacker to bypass security restrictions and execute arbitrary code.
The vulnerability of the bitmap_ip_uadt function in the Google ChromeOS operating system is related to deficiencies in access control due to incorrect checking of IP address boundaries when processing the IPSET_ATTR_CIDR parameter. Exploiting this vulnerability allows a remote attacker to bypass...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries in memory when processing the prompt parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the verbose parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the LIST parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the Goto_chidx() function in the login.cgi script of the Wavlink WN530H4, WN530HG4, and WN572HG3 router firmware allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability of the Goto_chidx function in the login.cgi script of the Wavlink WN530H4, WN530HG4, and WN572HG3 router firmware is related to the reading of data beyond the buffer boundaries in memory during the processing of the wlanUrl parameter. Exploiting this vulnerability...
The vulnerability of the ping_ddns() function in the internet.cgi script of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers allows attackers to execute arbitrary commands.
The vulnerability of the ping_ddns function in the internet.cgi script of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers is related to the lack of data cleaning at the management level when processing DDNS parameters. Exploiting this vulnerability allows a remote attacker to execute arbitra...
The vulnerability of the xmlSnprintfElements() function in the libxml2 library allows a hacker to execute arbitrary code.
The vulnerability of the xmlSnprintfElements function in the libxml2 library is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the list_item_verbose() function in the Libarchive library allows a hacker to execute arbitrary code on the target system.
The vulnerability of the list_item_verbose function in the Libarchive library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
The vulnerability of the Server: Optimizer component of the MySQL Server database management system allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the sniff_unknown() function in the GNOME graphical interface library libsoup allows an attacker to cause a service failure.
The vulnerability of the sniff_unknown function in the GNOME graphical interface library libsoup is related to insufficient checking of exceptional states. Exploiting this vulnerability could allow a remote attacker to cause a service failure by sending a specially crafted POST request...
The vulnerabilities of the functions sniff_feed_or_html() and skip_insignificant_space() in the GNOME graphical interface library libsoup allow an attacker to cause a service failure.
The vulnerabilities of the functions sniff_feed_or_html and skip_insignificant_space in the GNOME graphical interface library libsoup are related to the lack of checks for buffer size and reading beyond the memory boundaries. Exploiting these vulnerabilities could allow a remote attacker to cause a...
The vulnerability of CommVault’s backup and disaster recovery web server allows a perpetrator to execute arbitrary code.
The vulnerability of CommVault’s backup and disaster recovery web server lies in the deficiencies in the mechanism for verifying input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the /boafrm/formWsc file in the firmware of TOTOLINK N150RT allows a perpetrator to execute arbitrary code.
The vulnerability of the /boafrm/formWsc file of the TOTOLINK N150RT firmware is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the registration data protection mechanism in the TeamCity CI/CD system allows attackers to obtain unauthorized access to protected information.
The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the registration data protection mechanism in the TeamCity CI/CD system allows attackers to obtain unauthorized access to protected information.
The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the cross-platform integrated development environment JetBrains Rider, related to bypassing the relative path, allows a malicious user to gain read, modify, or delete access to data.
The vulnerability of the cross-platform integrated software development environment JetBrains Rider is related to the exploitation of a relative path. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read, modify, or delete access to data...
The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity lies in the lack of security measures for website structure protection. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, provided that the user opens a specially crafted PDF document or a web page...
The vulnerability of the parquet-avro module in the Apache Parquet Java library allows a hacker to execute arbitrary code.
The vulnerability of the parquet-avro module in the Apache Parquet Java library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code during the processing of Avro schemas...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
The vulnerability of the /boafrm/formVlan function in TOTOLINK N150RT router firmware allows a perpetrator to execute arbitrary code.
The vulnerability of the /boafrm/formVlan function in TOTOLINK N150RT router firmware is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the /boafrm/formStaticDHCP function in the firmware of TOTOLINK N150RT routers allows an attacker to execute arbitrary code.
The vulnerability of the /boafrm/formStaticDHCP function in TOTOLINK N150RT router firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability in the Webmin web control panel allows a hacker to escalate their privileges.
The vulnerability in the Webmin server’s web control panel relates to the failure to handle CRLF sequences properly. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted CGI requests remotely...
The vulnerability of the TP-Link M7200 4G LTE Mobile Wi-Fi Router’s firmware lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the TP-Link M7200 4G LTE Mobile Wi-Fi Router’s firmware is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotel...
The vulnerability of the firmware of the TP-Link EAP120 wireless access point lies in the lack of measures taken to protect the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the firmware of the TP-Link EAP120 access point relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotely...
The vulnerability of the Login Dashboard component of TP-Link’s router software lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the Login Dashboard component of the TP-Link TL-WR840N router firmware relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code...
The vulnerability of the TP-Link M7000 4G LTE Mobile Wi-Fi Router’s firmware lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the TP-Link M7000 4G LTE Mobile Wi-Fi Router’s firmware is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotel...
The vulnerability of the TP-Link M7650 4G LTE Mobile Wi-Fi Router’s firmware lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the TP-Link M7650 4G LTE Mobile Wi-Fi Router’s firmware is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotel...
The vulnerability of UserGate Next-Generation Firewall (NGFW) and UserGate Web Application Firewall (WAF) at the web application level arises from the failure to implement measures to neutralize specific elements. This allows attackers to execute arbitrary operating system commands with maximum privileges.
The vulnerability of UserGate Next-Generation Firewall (NGFW) and UserGate Web Application Firewall (WAF) at the web application level is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute any command on the...