Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dragonfly dragonfly vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd proc...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5
CVSSv2
CVE-2011-4685
Dragonfly in Opera prior to 11.60 allows remote malicious users to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
Opera Opera Browser 5.0
Opera Opera Browser 6.0
Opera Opera Browser 10.01
Opera Opera Browser 9.51
Opera Opera Browser 10.10
Opera Opera Browser 10.52
Opera Opera Browser 8.0
Opera Opera Browser 7.54
Opera Opera Browser 9.61
Opera Opera Browser 9.60
Opera Opera Browser 10.50
Opera Opera Browser 10.53
Opera Opera Browser 9.50
Opera Opera Browser 9.0
Opera Opera Browser 7.52
Opera Opera Browser 7.50
Opera Opera Browser 8.54
Opera Opera Browser 7.03
Opera Opera Browser 7.23
Opera Opera Browser 7.0
Opera Opera Browser 6.04
Opera Opera Browser 6.05
5
CVSSv2
CVE-2005-2220
Dragonfly Commerce allows remote malicious users to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has dispu...
Incredible Interactive Dragonfly Commerce
4.9
CVSSv2
CVE-2021-33473
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows malicious users to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
Dragonfly Project Dragonfly 1.3.0
4.3
CVSSv2
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x up to and including 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked in...
W1.fi Hostapd
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
1 Article
4.3
CVSSv2
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
4.3
CVSSv2
CVE-2006-1033
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS prior to 9.0.6.1 allow remote malicious users to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, ...
Cpg-nuke Dragonfly Cms 9.0.3.0
Cpg-nuke Dragonfly Cms 9.0.4.0
Cpg-nuke Dragonfly Cms 9.0.1.1
Cpg-nuke Dragonfly Cms 9.0.2.0
Cpg-nuke Dragonfly Cms 9.0.5.0
Cpg-nuke Dragonfly Cms 9.0.6.0
7 EDB exploits
4.3
CVSSv2
CVE-2006-0726
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote malicious users to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
Cpg-nuke Dragonfly Cms 9.0.6.1
4.3
CVSSv2
CVE-2005-4351
The securelevels implementation in FreeBSD 7.0 and previous versions, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
Freebsd Freebsd 7.0
Dragonfly Dragonfly
Openbsd Openbsd
Freebsd Freebsd
Linux Linux Kernel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »