WordPress Podlove Podcast Publisher 2.5.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove Podcast Publisher plugin Language: PHP Version: 2.5.3 and below Vendor Status...
Easy Modal <= 2.0.17 - Authenticated SQL Injection
This can only be exploited by a user who already has access to the admin with a valid nonce. During the security analysis, ThunderScan discovered SQL injection vulnerabilities in the Easy Modal WordPress Plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while bei...
WordPress Podlove Podcast Publisher plugin <=2.5.3 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability found by Neven Biruski in WordPress Podlove Podcast Publisher plugin version 2.5.3 and earlier versions. This vulnerability allows registered users to get access to the database even if they don't have full administrator rights. Moreover, Cross Site request forgery...
WordPress Podlove Podcast Publisher 2.5.3 SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory ID: DC-2017-05-006 Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove...
Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection
During the security analysis, ThunderScan discovered a SQL injection vulnerability in the Podlove Podcast Publisher WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugi...
CVE-2017-7902
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A...
Design/Logic Flaw
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A...
CVE-2017-7902
CVE-2017-7902 affects Rockwell Automation Allen‑Bradley MicroLogix 1100 (1763-L16Axx, 16.00 and earlier) and MicroLogix 1400 (1766-L32Axx, 16.00 and earlier). The issue is nonce reuse in encryption, enabling an attacker to capture and replay a valid request until the nonce changes, potentially co...
WordPress wpDiscuz plugin <= 3.2.8 - Cross-Site Request Forgery (CSRF) Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was found in WordPress wpDiscuz plugin version 3.2.8. There's no nonce check when resetting the plugin's settings. Solution: Update the plugin...
WordPress WooCommerce Upload My File plugin <= 0.3.9 - Cross-Site Request Forgery (CSRF) Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was found in WordPress WooCommerce Upload My File plugin version 0.3.9. A nonce check is missing when the plugin settings are saved. Solution: Update the plugin...
WordPress Responsive Menu plugin <= 3.1.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability
WordPress Responsive Menu plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities. Options saved by the updateOptions function in the /app/Controllers/AdminController.php file are not sanitized. Also, a nonce is missing in the plugin's settings page...
WordPress Huge-IT Video Gallery 2.0.4 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications DefenseCode ThunderScan SAST Advisory WordPress Huge-IT Video Gallery Plugin Security Vulnerability Advisory ID: DC-2017-01-009 Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability Advisory URL:...
WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Huge-IT Video Gallery Plugin Security Vulnerability Advisory ID: DC-2017-01-009 Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Huge-IT...
Input validation
DISPUTED The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt...
CVE-2017-9230
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...
PT-2017-18795 · Bitcoin · Bitcoind
Name of the Vulnerable Software and Affected Versions: Bitcoin affected versions not specified Description: The Bitcoin Proof-of-Work algorithm has an issue related to 80-byte block headers with varying initial 64-byte chunks followed by the same 16-byte chunk, and multiple candidate root values...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2017-07305)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the File System Certificates dialog in WordPress version...
UBUNTU-CVE-2017-9064
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...
DEBIAN-CVE-2017-9064
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...