Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution
This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Bruno IDE Desktop Command Injection
A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. ===== Tempest Security Intelligence - ADV-10/2024...
OCLS MSMS-PHP 1.0 Shell Upload
OCLS MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability. Titles: OCLS MSMS-PHP by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/15/2025 Vendor: https://github.com/oretnom23...
WordPress linkID 0.1.2 Missing Authorization / Information Disclosure
WordPress linkID plugin versions 0.1.2 and below suffer from a missing authorization vulnerability that results in information disclosure. CVE-2024-12542 linkID = 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure Description The linkID plugin for WordPress is...
WordPress Partners 0.2.0 PHP Object Injection
WordPress Partners plugin versions 0.2.0 and below suffer from a deserialization vulnerability. CVE-2024-56059 Partners = 0.2.0 - Unauthenticated PHP Object Injection Description The Partners plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.2.0 via...
WordPress Chartify 2.9.5 Local File Inclusion
WordPress Chartify plugin versions 2.9.5 and below suffer from a local file inclusion vulnerability. CVE-2024-10571 Chartify – WordPress Chart Plugin = 2.9.5 - Unauthenticated Local File Inclusion via source Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to...
WordPress SuperBackup 2.3.3 Missing Authorization
WordPress SuperBackup plugin versions 2.3.3 and below suffer from a backup disclosure due to a missing authorization vulnerability. CVE-2024-56067 WP SuperBackup = 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress...
Microweber 2.0.9 Cross Site Scripting
Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...
WordPress ARPrice 4.0.3 PHP Object Injection
WordPress ARPrice plugin versions 4.0.3 and below suffer from an authenticated PHP object injection vulnerability. CVE-2024-49699 ARPrice = 4.0.3 - Authenticated Subscriber+ PHP Object Injection Description The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to,...
WordPress SuperBackup 2.3.3 Shell Upload
WordPress SuperBackup plugin versions 2.3.3 and below suffer from a remote shell upload vulnerability. CVE-2024-56064 WP SuperBackup = 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file...
WordPress VRPConnector 2.0.1 PHP Object Injection
WordPress VRPConnector plugin versions 2.0.1 and below suffer from an unauthenticated PHP object injection vulnerability. CVE-2024-56058 VRPConnector = 2.0.1 - Unauthenticated PHP Object Injection Description The VRPConnector plugin for WordPress is vulnerable to PHP Object Injection in versions ...
WordPress Fancy Product Designer 6.4.3 SQL Injection
WordPress Fancy Product Designer plugin versions 6.4.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-51818 Fancy Product Designer = 6.4.3 - Unauthenticated SQL Injection Description The Fancy Product Designer plugin for WordPress is vulnerable to SQL...
WordPress CF Internal Link Shortcode 1.1.0 SQL Injection
WordPress CF Internal Link Shortcode plugin versions 1.1.0 and below suffer from a remote SQL injection vulnerability. CVE-2024-12404 CF Internal Link Shortcode = 1.1.0 - Unauthenticated SQL Injection Description The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection v...
WordPress Event Monster 1.4.3 Information Disclosure
WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. CVE-2024-11396 Event monster = 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress ...
Linux inotify_rm_watch() Race Condition / Use-After-Free
Linux suffers from a race condition in inotify_rm_watch() with umount that can lead to a superblock-related use-after-free condition. Summary There's a UAF race between inotify_rm_watch() and umount; my guess is that it is hard to hit at least when panic_on_oops is enabled because a more likely race orderin...
QNAP Symlink Remote Code Execution
The QNAP operating system suffers from a symlinking vulnerability. It is possible to upload a symlink through a ZIP file and abuse the encrypt/decrypt function to gain an arbitrary file write primitive which can be turned into remote code execution. An attacker with privileges of a regular user ca...
Qsync Central Path Traversal / Information Disclosure
Qsync Central suffers from a symlink attack via an uploaded zip file that results in traversal and information disclosure. Qsync Central versions 4.4.0.1620240819 2024/08/19 and later address this issue. https://packetstorm.news/download/188634...
Adobe Commerce 2.4.7 XML Injection / Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an improper restriction of XML External Entity Reference (XXE) vulnerability that could result in arbitrary code execution. https://packetstorm.news/download/188633...
WebKit DocumentFontLoader::fontLoadingTimerFired Use-After-Free
WebKit suffers from a use-after-free vulnerability in DocumentFontLoader::fontLoadingTimerFired. https://packetstorm.news/download/188628...
Netsweeper Privilege Escalation
Netsweeper allows for unauthorized changes to the account owner field due to a lack of server-side controls. Patched in NS1271GA. Description: Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of...
Zed Attack Proxy 2.16.0 Cross Platform Package
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
CISA: Business Case for Security Infographic
CISA: Bomb-Making Materials Awareness Program (BMAP) Overview
CISA: STS Scenarios Workshop 1 Scenario 4 New Wave of Cooperation
CISA: Chemical Facility Anti-Terrorism Standards (CFATS) Risk Tiering
CISA: CFATS and the Personnel Surety Program (PSP) Overview
CISA: Strategies for Effectively Blending Cyber and Physical Security within Critical Infrastructure
CISA: DHS OSAI-OBP Partnership Fact Sheet
CISA: DHS Election Infrastructure Security Funding Consideration
CISA: BMAP Fact Sheet
CISA: NETF Fact Sheet
CISA: Emergency Response Planning Guidelines
CISA: Security and Resiliency Guide - Outdoor Events Annex
CISA: Extreme Weather Impacts
CISA: STS Threat Timelines Facilitator Guide
CISA: Mitigating Attacks on Houses of Worship Security Guide - Spanish Translation
CISA: Security and Resiliency Guide - Sports Leagues and Venues Annex
CISA: U.S. Electoral Process Infographic
CISA: DHS-DOJ Bomb Threat Guidance Quad-Fold
CISA: ILT Fact Sheet
CISA: Actions to Improve Chemical Facility Safety and Security - a Shared Commitment (Report for the President, May 2014)
CISA: Chemical Sector 101
CISA: TRIPwire Fact Sheet
CISA: Suspicious UAS Identification Postcard
CISA: Air Domain Awareness
CISA: CISA Chemical Security’s International Initiatives
CISA: Reducing the Threat of Improvised Explosive Device Attacks by Restricting Access to Explosive Precursor Chemicals
CISA: Supply Chain Risk Management
CISA: Cybersecurity Evaluation Tool (CSET) Seminar Presentation
CISA: 2019 ISC Annual Review