CWE:
 

Tytuł
Data
Autor
Med.
WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection
08.03.2023
FearZzZz
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Dovecot 2.3.11.3 Denial Of Service
07.01.2021
Innokentii Sennovskiy
Med.
October CMS <= Build 465 Multiple Vulnerabilities
03.08.2020
Sivanesh Ashok
Med.
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
20.05.2020
Philippe Antoine
Med.
SCP Server Verification Issues
16.01.2019
Harry Sintonen
Low
Wordpress Plugin Ninja Forms - CSV Injection
20.08.2018
Mostafa Gharzi
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
Low
GNU Wget 1.19.4 Cookie Injection
08.05.2018
Harry Sintonen
Low
The First MicroFinance Bank | RCE / File Upload
24.06.2017
Infinity Security Team
Low
AXIS Communications XSS / Content Inclusion
18.03.2017
orwelllabs
Low
AXIS Network Camera Cross Site Scripting
18.03.2017
orwelllabs
High
AXIS Authenticated Remote Command Execution
28.07.2016
orwelllabs
Low
CMS Made Simple Cache Poisoning
04.05.2016
I-Tracing
Low
pgpdump 0.29 Endless Loop
20.04.2016
Klaus Eisentraut
Med.
innovaphone IP222 UDP Denial Of Service
26.03.2016
Sven Freund
Med.
innovaphone IP222 11r2 sr9 Download Denial Of Service
26.03.2016
Sven Freund
Med.
Dell Authentication Driver Uncontrolled Write
19.12.2015
Matt Bergin
High
ZyXEL PMG5318-B20A OS Command Injection
16.10.2015
Karn Ganeshen
Low
GPON Zhone R4.0.2.566b D.O.S.
03.03.2015
Kaczinski lramirez
High
Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
14.12.2014
quicinc
High
VMWare vmx86.sys Arbitrary Kernel Read
06.11.2014
Matt Bergin
Med.
Apache HTTP Server 2.4.7 mod_log_config denial of service
19.03.2014
Apache
High
Apple MacOSX 10.9.2 OpenSSL Verification Surprises
05.03.2014
hynek
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Low
PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
10.02.2014
Nobody
Med.
Conceptronic C54APM Open Redirect
12.01.2014
antonio vazquez blanco
Med.
OpenSSL 1.0.1e NULL Pointer dereference DoS
11.01.2014
Dr. Stephen Henson
Med.
Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
09.01.2014
mpb
High
Linux kernel Multiple CVE fixes
23.11.2013
Nico Golde and Fabian ...
Med.
Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation
08.11.2013
Jonathan Salwan
Med.
Vino VNC Server 3.7.3 Denial Of Service
18.09.2013
Jonathan Claudius
Med.
WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation
09.09.2013
RogueCoder
High
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
07.08.2013
CORE
Low
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
06.06.2013
CORE
High
NextApp Echo XML Injection Vulnerability
02.05.2013
Anonymous
High
Cisco Unified Computing System Multiple Vulnerabilities
24.04.2013
CISCO
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
24.04.2013
CISCO
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
10.04.2013
Cisco
Low
Pebble 2.6.4 Open Redirection
04.11.2012
Anonymous
Low
VirtualBox CPU-emulation bug (missing CPL check)
08.09.2012
halfdog
Low
IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting
07.09.2012
MustLive
Low
IOServer Root Directory Trailing Backslash Multiple Vulnerabilities
20.08.2012
hinge
High
LifeSize Room Command Injection
13.11.2011
Spencer McIntyre (zero...
High
Apple Safari Webkit libxslt Arbitrary File Creation
29.10.2011
metasploit
Med.
astersik open source 1.8.7 Remote crash vulnerability
26.10.2011
Asterisk Security Team
High
CMS WebManager-Pro Vulnerabilities
12.10.2011
MustLive
High
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
10.10.2011
Jose A. Vazquez
High
Mac OS X < 10.6.7 Kernel Panic Exploit
02.10.2011
hkpco
High
LifeSize Room Command Injection
05.09.2011
Spencer McIntyre
High
iOS SSL Implementation Does Not Validate Certificate Chain
01.09.2011
Trustwave Advisories
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Low
Android Browser Cross-Application Scripting
16.08.2011
Roee Hay
High
HP Data Protector Remote Shell for HP-UX
08.08.2011
Adrian Puente Z.
High
ioQuake3 Remote shell injection
06.08.2011
Thilo Schulz
High
HP Data Protector Remote Shell for HPUX
06.08.2011
Adrian Puente Z.
Med.
phpMyAdmin 3.x Conditional Session Manipulation
03.08.2011
Mango
High
Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability
19.07.2011
metasploit
Med.
Symantec Backup Exec 12.5 MiTM Attack
11.07.2011
Nibin
High
Black Ice Cover Page ActiveX Control Arbitrary File Download
22.06.2011
metasploit
High
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit
22.06.2011
mr_me
High
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
10.06.2011
metasploit
High
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
30.05.2011
fdisk
Low
Opera : SELECT SIZE Arbitrary null write
13.05.2011
Advisories Toucan-Syst...
Low
CA SiteMinder Security Notice
02.05.2011
Williams, James K
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
12.04.2011
Timo Warns
Med.
Apache Tomcat 7.0.11 information disclosure
12.04.2011
Mark Thomas
High
xpdf multiple vulnerabilities allow remote code execution
02.04.2011
Advisories Toucan-Syst...
Med.
Mutt: failure to check server certificate in SMTP TLS connection
18.03.2011
dave b
Low
SugarCRM list privilege restriction bypass
18.03.2011
RedTeam Pentesting Gmb...
High
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges
04.03.2011
PRE
High
Cisco Secure Desktop CSDWebInstaller Remote Code Execution
01.03.2011
ZDI
Med.
ZOHO ManageEngine ADSelfService multiple vulnerabilities
18.02.2011
CORE Security Technolo...
Med.
mit kerberos 5-1.9 kpropd denial of service
12.02.2011
Tom Yu
Med.
MyProxy SSL Certificate Validation Security Bypass Vulnerability
03.02.2011
Venkat Yekkirala
High
OpenVAS Manager Command Injection Vulnerability
01.02.2011
Tim Brown
High
OpenVAS Manager Vulnerable To Command Injection
31.01.2011
Tim Brown
High
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
18.01.2011
felix
High
MS11-002: Microsoft Data Access Components Vulnerability
15.01.2011
Peter Vreugdenhil
High
Mono/Moonlight Generic Type Argument Local Privilege Escalation
15.01.2011
Chris Howie
Med.
Symantec Intel Handler Service Remote Denial-of-Service
25.12.2010
Core
High
Windows Win32k Pointer Dereferencement (MS10-098)
18.12.2010
Stefan LE BERRE
Low
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
05.11.2010
Maksymilian Arciemowic...
High
Android 2.0-2.1 Reverse Shell Exploit
05.11.2010
MJ Keith
Med.
KDC uninitialized pointer crash in authorization data handling
11.10.2010
Tom Yu
High
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
09.10.2010
Knud and nSense
Med.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
07.10.2010
ZDI
High
Microsoft Unicode Scripts Processor Remote Code Execution
06.10.2010
Abysssec
Low
HP System Management Homepage (SMH) Remote URL Redirection
28.09.2010
HP
High
Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit
23.09.2010
Trancer
Med.
MailEnable SMTP Service Two Denial of Service Vulnerabilities
17.09.2010
Secunia Research
Med.
Apache Traffic Server 2.0.0 issue
15.09.2010
Tim Brown
Low
linux kernel 2.6.34 xfs swapext ioctl issue
13.09.2010
Eugene Teo
High
Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek
31.08.2010
ZDI
High
Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption
31.08.2010
ZDI
High
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability
30.08.2010
ZDI
High
Adobe Shockwave Player Director Remote Code Execution Vulnerability
30.08.2010
ZDI
High
ssmtp 2.62 standardise() Buffer overflow
24.08.2010
Jan Lieskovsky


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-10-23
Waiting for details
CVE-2024-9530

Updating...
 

 
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.

 
2024-10-22
Waiting for details
CVE-2024-9541

Updating...
 

 
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

 
Waiting for details
CVE-2024-9627

Updating...
 

 
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.

 
Waiting for details
CVE-2024-8852

Updating...
 

 
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.

 
Waiting for details
CVE-2024-50312

Updating...
 

 
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

 
Waiting for details
CVE-2024-48919

Updating...
 

 
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage. A server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `"cursor.terminal.usePreviewBox"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts.

 
2024-10-21
Waiting for details
CVE-2024-49368

Updating...
 

 
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.

 
2024-10-19
Waiting for details
CVE-2024-9889

Updating...
 

 
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.

 
2024-10-18
Waiting for details
CVE-2024-49361

Updating...
 

 
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. All users utilizing ACON�??s input-handling functions are potentially at risk. Specifically, machine learning models or applications that ingest user-generated data without proper sanitization are the most vulnerable. Users running ACON on production servers are at heightened risk, as the vulnerability could be exploited remotely. As of time of publication, it is unclear whether a fix is available.

 
2024-10-17
Waiting for details
CVE-2024-7417

Updating...
 

 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top