Aggregator

CVE-2007-5857 | Apple Mac OS X 10.5.1 hreftrack access control (Nessus ID 29723 / ID 115676)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as problematic was found in Apple Mac OS X 10.5.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument hreftrack leads to improper access controls. This vulnerability is known as CVE-2007-5857. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2007-4814 | Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll second memory corruption (EDB-4379 / ID 19472)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical was found in Microsoft SQL Server 2005. This vulnerability affects unknown code in the library sqldmo.dll of the component Enterprise Manager. The manipulation of the argument second leads to memory corruption. This vulnerability was named CVE-2007-4814. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2004-0242 | Qualiteam X-Cart up to 3.4.11 mode information disclosure (EDB-23639 / Nessus ID 12040)

Vuldb Updates
1 month 4 weeks ago
A vulnerability has been found in Qualiteam X-Cart up to 3.4.11 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument mode leads to information disclosure. This vulnerability is known as CVE-2004-0242. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-3768 | Devolutions Server up to 2025.1.10.0 Tor Network Blocking access control (DEVO-2025-0011 / EUVD-2025-16996)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Devolutions Server up to 2025.1.10.0. Affected is an unknown function of the component Tor Network Blocking. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-3768. The attack can only be done within the local network. There is no exploit available.
vuldb.com

CVE-2025-49008 | Atheos up to 6.0.3 execute.php escapeshellcmd os command injection (GHSA-rwc2-4q8c-xj48 / EUVD-2025-16939)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Atheos up to 6.0.3. It has been rated as critical. This issue affects the function escapeshellcmd of the file /components/codegit/traits/execute.php. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-49008. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5620 | D-Link DIR-816 1.10CNB05 /goform/setipsec_config localIP/remoteIP os command injection (EUVD-2025-16943)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-5620. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5621 | D-Link DIR-816 1.10CNB05 /goform/qosClassifier dip_address/sip_address os command injection (EUVD-2025-16942)

Vuldb Updates
1 month 4 weeks ago
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-5621. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2023-47819 | ThikShare Easy Call Now Plugin up to 1.1.0 on WordPress settings_page cross-site request forgery (EUVD-2023-51914)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, was found in ThikShare Easy Call Now Plugin up to 1.1.0 on WordPress. Affected is the function settings_page. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2023-47819. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2023-44289 | Dell Command Configure up to 4.10.x Installation access control (dsa-2023-390 / EUVD-2023-48645)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Dell Command Configure up to 4.10.x. Affected by this issue is some unknown functionality of the component Installation Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2023-44289. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-20241 | Cisco Secure Client Software up to 4.10 MR7/5.0 MR3 denial of service (cisco-sa-accsc-dos-9SLzkZ8 / EUVD-2023-24420)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as problematic was found in Cisco Secure Client Software up to 4.10 MR7/5.0 MR3. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-20241. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-25987 | Aleksandar Urošević My YouTube Channel Plugin up to 3.23.3 on WordPress cross-site request forgery (EUVD-2023-29874)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Aleksandar Urošević My YouTube Channel Plugin up to 3.23.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2023-25987. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!

Cobalt Strike Blog
1 month 4 weeks ago

TL;DR: In this blog we’ll demonstrate how to instrument Beacon via BeaconGate and walk through our implementations of return address spoofing, indirect syscalls, and a call stack spoofing technique, Draugr, that are now available in Sleepmask-VS. Furthermore, we’ll provide tips and tricks for developers in getting set up with Sleepmask-VS so they can write their [...]

Read More... from Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs!

The post Dynamically Instrumenting Beacon With BeaconGate – For All Your Call Stack Spoofing Needs! appeared first on Cobalt Strike.

William Burgess

CVE-2025-5739 | TOTOLINK X15 1.0.0-B20230714.1105 HTTP POST Request /boafrm/formSaveConfig submit-url buffer overflow (EUVD-2025-17104)

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5739. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5738 | TOTOLINK X15 1.0.0-B20230714.1105 HTTP POST Request /boafrm/formStats submit-url buffer overflow (EUVD-2025-17105)

VulDB Recent Entries
1 month 4 weeks ago
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-5738. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad