Directory Security Vulnerabilities

CVE-2022-1208

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected.....

CVSS 6.4 | AI Score 5.1 | EPSS 0.001 | Published 2022-06-13 01:15 PM

CVE-2022-1949

An access control bypass vulnerability found in 389-ds-base. The issue was initially thought to be a mishandling of the filter that would yield incorrect results, but as investigation progressed, it was determined that it is actually an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | Published 2022-06-02 02:15 PM

CVE-2022-28531

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username)...

CVSS 9.8 | AI Score 9.8 | EPSS 0.003 | Published 2022-05-20 07:15 PM

CVE-2022-29006

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass...

CVSS 9.8 | AI Score 10 | EPSS 0.134 | Published 2022-05-11 02:15 PM

CVE-2022-1209

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including,...

CVSS 5.4 | AI Score 5.4 | EPSS 0.002 | Published 2022-05-10 08:15 PM

CVE-2022-28530

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | Published 2022-05-05 05:15 PM

CVE-2022-28533

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | Published 2022-05-05 05:15 PM

CVE-2022-22312

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | Published 2022-04-27 04:15 PM

CVE-2022-22323

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | Published 2022-04-27 04:15 PM

CVE-2022-0996

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper...

CVSS 6.5 | AI Score 6.5 | EPSS 0.002 | Published 2022-03-23 08:15 PM

CVE-2022-0760

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL...

CVSS 9.8 | AI Score 9.7 | EPSS 0.027 | Published 2022-03-21 07:15 PM

CVE-2022-23105

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | Published 2022-01-12 08:15 PM

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins...

CVSS 7.5 | AI Score 7.6 | EPSS 0.003 | Published 2021-12-21 09:15 AM

CVE-2021-42306

An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in...

CVSS 8.1 | AI Score 6.3 | EPSS 0.003 | Published 2021-11-24 01:15 AM

CVE-2021-24794

The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is...

CVSS 4.8 | AI Score 4.7 | EPSS 0.001 | Published 2021-11-01 09:15 AM

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection...

CVSS 8 | AI Score 7.9 | EPSS 0.001 | Published 2021-11-01 09:15 AM

CVE-2021-24720

The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | Published 2021-10-11 11:15 AM

CVE-2021-22535

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information...

CVSS 4.9 | AI Score 4.8 | EPSS 0.001 | Published 2021-09-28 02:15 PM

CVE-2021-24663

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to...

CVSS 7.2 | AI Score 6.9 | EPSS 0.001 | Published 2021-09-20 10:15 AM

CVE-2021-36949

Microsoft Azure Active Directory Connect Authentication Bypass...

CVSS 7.1 | AI Score 6.7 | EPSS 0.0004 | Published 2021-08-12 06:15 PM

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | Published 2021-07-26 07:15 AM

CVE-2021-24319

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | Published 2021-06-01 02:15 PM

CVE-2021-24320

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword,...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2021-06-01 02:15 PM

CVE-2021-24321

The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection....

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | Published 2021-06-01 02:15 PM

CVE-2021-3514

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a...

CVSS 6.5 | AI Score 6.2 | EPSS 0.001 | Published 2021-05-28 03:15 PM

CVE-2021-24178

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting...

CVSS 8.8 | AI Score 7.8 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2021-24179

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2021-24249

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as.....

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2021-24248

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check imported files, forbidding certain extensions via a blacklist approach, allowing administrators to import an archive with a .php4 inside for example, leading to...

CVSS 7.2 | AI Score 6.9 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2021-24250

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2021-24251

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to....

CVSS 4.3 | AI Score 4.7 | EPSS 0.001 | Published 2021-05-06 01:15 PM

CVE-2020-35518

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP...

CVSS 5.3 | AI Score 5.1 | EPSS 0.001 | Published 2021-03-26 05:15 PM

CVE-2020-5148

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IPs in the network. This client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate, allowing an attacker to bypass firewall....

CVSS 8.2 | AI Score 8.1 | EPSS 0.001 | Published 2021-03-05 04:15 AM

CVE-2021-20652

Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | Published 2021-02-05 02:15 PM

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | Published 2020-11-04 03:15 PM

CVE-2020-2302

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic...

CVSS 4.3 | AI Score 4.4 | EPSS 0.001 | Published 2020-11-04 03:15 PM

CVE-2020-2303

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified...

CVSS 4.3 | AI Score 4.6 | EPSS 0.001 | Published 2020-11-04 03:15 PM

CVE-2020-2300

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002 | Published 2020-11-04 03:15 PM

CVE-2020-2299

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the...

CVSS 9.8 | AI Score 9.3 | EPSS 0.002 | Published 2020-11-04 03:15 PM

CVE-2019-4547

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID:...

CVSS 5.3 | AI Score 5 | EPSS 0.001 | Published 2020-10-29 04:15 PM

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and....

CVSS 5.3 | AI Score 4.8 | EPSS 0.001 | Published 2020-10-29 04:15 PM

CVE-2020-24699

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows...

CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | Published 2020-08-31 04:15 PM

CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a.....

CVSS 5.5 | AI Score 7.9 | EPSS 0.511 | Published 2020-08-17 07:15 PM
In Wild

CVE-2020-14565

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVSS 8.1 | AI Score 7.9 | EPSS 0.001 | Published 2020-07-15 06:15 PM

CVE-2019-13463

An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name"...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2020-03-20 09:15 PM

CVE-2019-4548

IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | Published 2020-02-04 05:15 PM

CVE-2019-4540

IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | Published 2020-02-04 05:15 PM

CVE-2019-4541

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID:...

CVSS 7.2 | AI Score 6.9 | EPSS 0.001 | Published 2020-02-04 05:15 PM

CVE-2019-4551

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID:...

CVSS 5.3 | AI Score 5.9 | EPSS 0.001 | Published 2020-02-04 05:15 PM

CVE-2019-4562

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID:...

CVSS 5.3 | AI Score 5.4 | EPSS 0.001 | Published 2020-02-04 05:15 PM

Total number of security vulnerabilities: 464