[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1866 Download | Alert*

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device���s web interface when an attacker sends a specially crafted HTTP request.

In PHP versions��8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for��CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue:��when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary c ...

Fuji Electric Monitouch V-SFT��is vulnerable to a type confusion, which could cause a crash or code execution.

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ���header_size��� attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that ...

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 8.0

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the ...


Pages:      Start    55    56    57    58    59    60    61    62    63    64    65    66    67    68    ..   186

© SecPod Technologies