Search Results | AttackerKB

Show filters

Topics 3,845 Users 9,711

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3,845 Total Results

Displaying 71-80 of 3,845

Attacker Value

Unknown

CVE-2025-0569

Disclosure Date: January 30, 2025 (last updated February 20, 2025)

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25303.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2025-0568

Disclosure Date: January 30, 2025 (last updated February 20, 2025)

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25302.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2025-24507

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

This vulnerability allows appliance compromise at boot time.

0

Attacker Value

Unknown

CVE-2025-24506

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.

0

Attacker Value

Unknown

CVE-2025-24505

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

0

Attacker Value

Unknown

CVE-2025-24504

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.

0

Attacker Value

Unknown

CVE-2025-24503

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

0

Attacker Value

Unknown

CVE-2025-24502

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

0

Attacker Value

Unknown

CVE-2025-24501

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

0

Attacker Value

Unknown

CVE-2025-24500

Disclosure Date: January 30, 2025 (last updated January 31, 2025)

The vulnerability allows an unauthenticated attacker to access information in PAM database.

0