WooCommerce PDF Invoices & Packing Slips Security Vulnerabilities

schneier

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI Score

2024-05-28 11:09 AM
4
cve

CVE-2024-5376

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file view_each_faculty.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...

3.5CVSS

6.5AI Score

2024-05-26 09:15 PM
11
cve

CVE-2024-5374

A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The.....

3.5CVSS

6.7AI Score

2024-05-26 08:15 PM
10
cve

CVE-2024-5375

A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submit_student.php. The manipulation of the argument address leads to cross site scripting. The attack can be launched...

3.5CVSS

6.7AI Score

2024-05-26 08:15 PM
10
cve

CVE-2024-5373

A vulnerability, which was classified as problematic, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file submit_login.php. The manipulation of the argument usertype leads to cross site scripting. The attack may be initiated remotely....

3.5CVSS

6.7AI Score

2024-05-26 07:15 PM
13
cve

CVE-2024-5372

A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated...

3.5CVSS

6.8AI Score

2024-05-26 07:15 PM
11
cve

CVE-2024-5371

A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submit_enroll_student.php. The manipulation of the argument class_name leads to cross site scripting. It is possible to initiate the attack remotely. The...

3.5CVSS

6.6AI Score

2024-05-26 06:15 PM
11
cve

CVE-2024-5370

A vulnerability was found in Kashipara College Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file submit_enroll_staff.php. The manipulation of the argument class_name leads to cross site scripting. The attack may be launched...

3.5CVSS

6.6AI Score

2024-05-26 06:15 PM
12
cve

CVE-2024-5369

A vulnerability was found in Kashipara College Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument admin_name leads to cross site scripting. The attack can be launched.....

3.5CVSS

6.7AI Score

2024-05-26 05:15 PM
9
cve

CVE-2024-5368

A vulnerability was found in Kashipara College Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit.....

3.5CVSS

6.7AI Score

2024-05-26 04:15 PM
17
cve

CVE-2024-5367

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file each_extracurricula_activities.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely....

3.5CVSS

6.7AI Score

2024-05-26 03:15 PM
9
nessus

FreeBSD : electron29 -- use after free in Dawn (04e78f32-04b2-4c23-bfae-72600842d317)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 04e78f32-04b2-4c23-bfae-72600842d317 advisory. Electron developers report: This update fixes the following vulnerability: Tenable has extracted the...

6.9AI Score

2024-05-26 12:00 AM
nessus

Foxit PDF Editor < 12.1.7 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.7. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

7.6AI Score

2024-05-26 12:00 AM
1
nessus

FreeBSD : electron28 -- multiple vulnerabilities (43d1c381-a3e5-4a1d-b3ed-f37b61a451af)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43d1c381-a3e5-4a1d-b3ed-f37b61a451af advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...

7.2AI Score

2024-05-26 12:00 AM
nessus

Foxit PDF Editor < 11.2.10 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.10. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

7.3AI Score

2024-05-26 12:00 AM
4
nessus

Foxit PDF Editor < 13.1.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

7AI Score

2024-05-25 12:00 AM
4
nessus

FreeBSD : QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth (f5fa174d-19de-11ef-83d8-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f5fa174d-19de-11ef-83d8-4ccc6adda413 advisory. Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a...

7.2AI Score

2024-05-25 12:00 AM
2
cve

CVE-2024-35593

An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF...

8.1AI Score

2024-05-24 02:15 PM
25
cve

CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF...

8.1AI Score

2024-05-24 02:15 PM
18
cve

CVE-2024-35595

An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF...

8.3AI Score

2024-05-24 02:15 PM
18
cve

CVE-2024-35591

An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF...

7.7AI Score

2024-05-24 02:15 PM
17
cvelist

CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF...

8AI Score

2024-05-24 02:06 PM
1
cvelist

CVE-2024-35591

An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF...

8AI Score

2024-05-24 01:50 PM
cvelist

CVE-2024-35593

An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF...

8AI Score

2024-05-24 01:35 PM
1
cvelist

CVE-2024-35595

An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF...

8AI Score

2024-05-24 01:33 PM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1770-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-24 12:00 AM
nessus

Foxit PDF Reader < 2024.2.2 Vulnerability

According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

7AI Score

2024-05-24 12:00 AM
2
packetstorm

7.4AI Score

2024-05-24 12:00 AM
121
ubuntucve

CVE-2024-3708

A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior...

6.9AI Score

0.0004EPSS

2024-05-24 12:00 AM
2
openvas

Mageia: Security Advisory (MGASA-2024-0192)

The remote host is missing an update for...

7.5AI Score

2024-05-24 12:00 AM
2
nessus

Foxit PDF Editor < 2024.2.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

6.9AI Score

2024-05-24 12:00 AM
2
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:1770-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1770-1 advisory. Update to version 115.11.0 ESR (bsc#1224056): - CVE-2024-4367: Arbitrary JavaScript execution...

8.3AI Score

2024-05-24 12:00 AM
2
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
2
cve

CVE-2024-34936

A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month...

9.1AI Score

2024-05-23 05:15 PM
55
cve

CVE-2024-34933

A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee...

9.1AI Score

2024-05-23 05:15 PM
55
cve

CVE-2024-34934

A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id...

9.1AI Score

2024-05-23 05:15 PM
54
cve

CVE-2024-34935

A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id...

9.1AI Score

2024-05-23 05:15 PM
54
cve

CVE-2024-34932

A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name...

9.1AI Score

2024-05-23 05:15 PM
53
cve

CVE-2024-34931

A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name...

9.1AI Score

2024-05-23 05:15 PM
54
cve

CVE-2024-34927

A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name...

9.1AI Score

2024-05-23 05:15 PM
53
cve

CVE-2024-34929

A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index...

9.1AI Score

2024-05-23 05:15 PM
53
cve

CVE-2024-34930

A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month...

9.1AI Score

2024-05-23 05:15 PM
53
cve

CVE-2024-34928

A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade...

9.1AI Score

2024-05-23 05:15 PM
52
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 106 vulnerabilities disclosed in 81...

9.4AI Score

0.001EPSS

2024-05-23 03:00 PM
6
cve

CVE-2024-1803

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions...

4.3CVSS

7AI Score

0.0004EPSS

2024-05-23 01:15 PM
54
cvelist

CVE-2024-1803 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions...

6.6AI Score

0.0004EPSS

2024-05-23 12:43 PM
36
redhat

(RHSA-2024:3338) Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode (CVE-2024-4767) Mozilla:...

8.1AI Score

0.0004EPSS

2024-05-23 12:00 PM
2
securelist

A journey into forgotten Null Session and MS-RPC interfaces

A journey into forgotten Null Session and MS-RPC interfaces (PDF) It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null...

7.4AI Score

2024-05-23 09:00 AM
3
mageia

Updated ghostscript packages fix security vulnerabilities

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are...

7.9AI Score

2024-05-23 07:22 AM
15
cve

CVE-2024-5240

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....

6.3CVSS

7.9AI Score

0.0004EPSS

2024-05-23 07:15 AM
49
Total number of security vulnerabilities: 49547