36 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-21978

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.0029
Exploits: 1 | References: 2

The Hacker News
added 2024/10/15 4:56 a.m., 15 views

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive...

AI score 7
Exploits: 0

Tenable Nessus
added 2024/03/15 12:00 a.m., 20 views

Debian dla-3761 : spip - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3761 advisory. Debian LTS Advisory DLA-3761-1 [email protected] https://www.debian.org/lts/security/...

CVSS 6.1 | AI score 5.8 | EPSS 0.00188
Exploits: 0 | References: 4

Prion
added 2024/01/31 11:15 p.m., 13 views

SQL injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...

CVSS 4.7 | AI score 7.6 | EPSS 0.0029
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/01/31 10:33 p.m., 16 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...

CVSS 6.5 | AI score 7.3 | EPSS 0.0029
Exploits: 1 | References: 2

OSV
added 2024/01/31 10:33 p.m., 18 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...

CVSS 6.5 | AI score 6.6 | EPSS 0.0029
Exploits: 1 | References: 4

NVD
added 2022/04/19 9:15 p.m., 11 views

CVE-2022-28222

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php...

CVSS 6.1 | EPSS 0.00345
Exploits: 3 | References: 1

OSV
added 2022/04/19 9:15 p.m., 16 views

CVE-2022-28222

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1

OSV
added 2022/03/31 12:00 a.m., 6 views

GHSA-49FJ-QP6P-Q544 Variable Tampering within joomla/input class

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...

CVSS 9.8 | AI score 9.4 | EPSS 0.00012
Exploits: 0 | References: 6

Prion
added 2022/01/26 7:15 p.m., 17 views

Cross site scripting

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkgfilter'] in a PHP echo call, causing XSS...

CVSS 4.3 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2021/12/02 1:15 p.m., 8 views

CVE-2021-43683

pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']...

CVSS 6.1 | EPSS 0.00247
Exploits: 1 | References: 1

Prion
added 2021/12/02 1:15 p.m., 10 views

Cross site scripting

pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']...

CVSS 4.3 | AI score 6 | EPSS 0.00247
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/02 12:36 p.m., 11 views

CVE-2021-43683

pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']...

AI score 6.2 | EPSS 0.00247
Exploits: 1 | References: 1

CNVD
added 2021/12/01 12:00 a.m., 19 views

IssabelPbx Cross-Site Scripting Vulnerability

IssabelPbx is an open source GUI (Graphical User Interface) from the Issabel Foundation. It is used to control and manage Asterisk PBX. Issabel issabelPBX suffers from a cross-site scripting vulnerability that originates in the file page.backuprestore.php, where the exit function will terminate the...

CVSS 6.1 | AI score 1.8 | EPSS 0.00223
Exploits: 1 | References: 1

NVD
added 2021/11/29 2:15 p.m., 10 views

CVE-2021-43695

issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backuprestore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, so there is an XSS vulnerability...

CVSS 6.1 | EPSS 0.00223
Exploits: 1 | References: 1

OSV
added 2021/11/29 1:15 p.m., 12 views

CVE-2021-43696

twmap v2.91v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability...

CVSS 6.1 | AI score 5.3
Exploits: 0 | References: 1

Prion
added 2021/11/29 1:15 p.m., 9 views

Cross site scripting

twmap v2.91v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability...

CVSS 4.3 | AI score 5.8 | EPSS 0.00223
Exploits: 1 | References: 1 | Affected Software: 1

Joomla! Vulnerable Extensions List
added 2021/11/05 12:00 a.m., 28 views

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...

CVSS 9.8 | AI score 2.3 | EPSS 0.00012
Exploits: 0 | Affected Software: 1

NVD
added 2021/11/01 9:15 p.m., 12 views

CVE-2021-38356

The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxsclasssnap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious...

CVSS 6.1 | EPSS 0.0021
Exploits: 3 | References: 1

Cvelist
added 2021/11/01 9:01 p.m., 14 views

CVE-2021-38356 NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting

The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxsclasssnap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious...

CVSS 6.1 | AI score 6.2 | EPSS 0.0021
Exploits: 3 | References: 1