50637 matches found
ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
ABB AC500v3 versions 3.7.0.569 and below suffer from privilege escalation and directory traversal vulnerabilities. CyberDanube Security Research 20250107-0 title| Multiple Vulnerabilities in ABB AC500v3 product| ABB...
OCLS MSMS-PHP 1.0 Shell Upload
OCLS MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability. Titles: OCLS MSMS-PHP by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/15/2025 Vendor: https://github.com/oretnom23...
WordPress VRPConnector 2.0.1 PHP Object Injection
WordPress VRPConnector plugin versions 2.0.1 and below suffer from an unauthenticated PHP object injection vulnerability. CVE-2024-56058 VRPConnector <= 2.0.1 - Unauthenticated PHP Object Injection Description The VRPConnector plugin for WordPress is vulnerable to PHP Object Injection in versions ...
WordPress linkID 0.1.2 Missing Authorization / Information Disclosure
WordPress linkID plugin versions 0.1.2 and below suffer from a missing authorization vulnerability that results in information disclosure. CVE-2024-12542 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure Description The linkID plugin for WordPress is...
WordPress SuperBackup 2.3.3 Shell Upload
WordPress SuperBackup plugin versions 2.3.3 and below suffer from a remote shell upload vulnerability. CVE-2024-56064 WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file...
Microweber 2.0.9 Cross Site Scripting
Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...
WordPress CF Internal Link Shortcode 1.1.0 SQL Injection
WordPress CF Internal Link Shortcode plugin versions 1.1.0 and below suffer from a remote SQL injection vulnerability. CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection Description The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection v...
WordPress Partners 0.2.0 PHP Object Injection
WordPress Partners plugin versions 0.2.0 and below suffer from a deserialization vulnerability. CVE-2024-56059 Partners <= 0.2.0 - Unauthenticated PHP Object Injection Description The Partners plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.2.0 via...
WordPress Fancy Product Designer 6.4.3 SQL Injection
WordPress Fancy Product Designer plugin versions 6.4.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-51818 Fancy Product Designer <= 6.4.3 - Unauthenticated SQL Injection Description The Fancy Product Designer plugin for WordPress is vulnerable to SQL...
WordPress Event Monster 1.4.3 Information Disclosure
WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress ...
WordPress SuperBackup 2.3.3 Missing Authorization
WordPress SuperBackup plugin versions 2.3.3 and below suffer from a backup disclosure due to a missing authorization vulnerability. CVE-2024-56067 WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress...
WordPress ARPrice 4.0.3 PHP Object Injection
WordPress ARPrice plugin versions 4.0.3 and below suffer from an authenticated PHP object injection vulnerability. CVE-2024-49699 ARPrice <= 4.0.3 - Authenticated Subscriber+ PHP Object Injection Description The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to,...
WordPress Chartify 2.9.5 Local File Inclusion
WordPress Chartify plugin versions 2.9.5 and below suffer from a local file inclusion vulnerability. CVE-2024-10571 Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to...
Qsync Central Path Traversal / Information Disclosure
Qsync Central suffers from a symlink attack via an uploaded zip file that results in traversal and information disclosure. Qsync Central versions 4.4.0.1620240819 2024/08/19 and later address this issue. https://packetstorm.news/download/188634...
Adobe Commerce 2.4.7 XML Injection / Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an improper restriction of XML External Entity Reference (XXE) vulnerability that could result in arbitrary code execution. https://packetstorm.news/download/188633...
WebKit DocumentFontLoader::fontLoadingTimerFired Use-After-Free
WebKit suffers from a use-after-free vulnerability in DocumentFontLoader::fontLoadingTimerFired. https://packetstorm.news/download/188628...
Linux inotify_rm_watch() Race Condition / Use-After-Free
Linux suffers from a race condition in inotify_rm_watch() with umount that can lead to a superblock-related use-after-free condition. Summary There's a UAF race between inotify_rm_watch() and umount; my guess is that it is hard to hit at least when panic_on_oops is enabled because a more likely race orderin...
Zed Attack Proxy 2.16.0 Cross Platform Package
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Netsweeper Privilege Escalation
Netsweeper allows for unauthorized changes to the account owner field due to a lack of server-side controls. Patched in NS1271GA. Description: Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of...
QNAP Symlink Remote Code Execution
The QNAP operating system suffers from a symlinking vulnerability. It is possible to upload a symlink through a ZIP file and abuse the encrypt/decrypt function to gain an arbitrary file write primitive which can be turned into remote code execution. An attacker with privileges of a regular user ca...
CISA: 2022 ISC Annual Review
CISA: Weather Hazard Preparedness
CISA: Mitigating Attacks on Houses of Worship Security Guide - Simplified Chinese Translation
CISA: NETF Fact Sheet
CISA: 2018 ISC Annual Review
CISA: Federal Emergency Management Agency (FEMA) Response: Hurricanes, Wildfires, Floods, and Pandemics
CISA: Building an International Network of Chemical Security Practitioners
CISA: OBP Awareness Products Fact Sheet
CISA: Chemical Facility Anti-Terrorism Standards (CFATS) Case Study: Strategic and Tactical CFATS Considerations for a Multi-Tenant Dow, DuPont, and Corteva Facility
CISA: Security and Resiliency Guide - Public Assembly Annex
CISA: Emerging Risks: Extreme Weather Trends and Impacts
CISA: 2021 Edition - Planning and Response to an Active Shooter: an Interagency Security Committee Policy and Best Practices Guide
CISA: Community Collaboration to Advance Emergency Response Efforts
CISA: 2019 ISC Annual Review
CISA: U.S. Electoral Process Infographic
CISA: How Multinational Critical Infrastructure Corporations Protect Intellectual Property from Theft and Espionage
CISA: Security and Resiliency Guide - Healthcare and Public Health Facility Annex
CISA: FEMA Chemical, Biological, Radiological, and Nuclear (CBRN) Response and Recovery Efforts
CISA: January 2017/2nd Edition - Security Specialist Competencies: an Interagency Security Committee Guide
CISA: OBP Training Fact Sheet
CISA: IST Fact Sheet
CISA: Election Infrastructure Security Resource Guide
CISA: Dow Incident and Crisis Management
CISA: U.S. Coast Guard Cyber Risk Management
CISA: Chemical Sector Security Awareness Training
CISA: Three Ps of Voting
CISA: Actions to Improve Chemical Facility Safety and Security - a Shared Commitment (Report for the President, May 2014)
CISA: Introduction to Chemical Security at CISA
CISA: What to Expect during a Chemical Facility Anti-Terrorism Standards (CFATS) Inspection
CISA: Strategies for Effectively Blending Cyber and Physical Security within Critical Infrastructure