Owl Security Vulnerabilities

CVE-2024-5345

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

CVE-2023-51493

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through...

CVE-2024-24801

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through...

CVE-2023-23829

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3...

CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R:...

CVE-2009-5082

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary...

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is...

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11...

CVE-2022-31462

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast...

CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over...

CVE-2022-31460

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150...

CVE-2009-0363

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use....

CVE-2006-4212

SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified...

CVE-2006-4211

Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2006-1149

PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before...

CVE-2005-0264

Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order...

CVE-2005-0265

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted...

CVE-2003-0341

Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search...