29 matches found
WordPress plugin Simple Maps Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Linux Distros Unpatched Vulnerability : CVE-2010-0831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a...
Oracle Linux 5 : gcc (ELSA-2011-0025)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0025 advisory. - fix up fastjar directory traversal bugs CVE-2010-0831 Tenable has extracted the preceding description block directly from the Oracle Linux security...
PT-2023-10273 · Fastly · Fastly Plugin
Name of the Vulnerable Software and Affected Versions: Fastly Plugin versions up to 0.97 Description: A vulnerability was found in the Fastly Plugin, which has been rated as problematic. The issue affects the function post of the file lib/api.php. The manipulation of the url argument leads to...
openSUSE 15 Security Update : fastjar (openSUSE-SU-2021:2565-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:2565-1 advisory. - Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
CVE-2013-3494
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code...
Cisco Unity Connection Cross-Site Request Forgery Vulnerability
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.50.98 allows remote attackers to hijack the authentication of arbitrary users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid130013; scriptversion"1.3"; scriptcvsdate"Date: 2019/10/31...
Divide By Zero
Overview lmdb is a Universal Python binding for the LMDB 'Lightning' Database. Affected versions of this package are vulnerable to Divide By Zero. An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a...
Out-of-bounds Write
Overview lmdb is a Universal Python binding for the LMDB 'Lightning' Database. Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an...
Out-of-bounds Write
Overview lmdb is a Universal Python binding for the LMDB 'Lightning' Database. Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within...
UMPlayer 0.98 DLL Hijacking
Exploit Title: UMPlayer 0.98 DLL Hijacking Exploit wintab32.dll Date: 31/10/2012 Author: Metropolis Url: http://metropolis.fr.cr Software info: UMPlayer is the media player that fills all your needs. With dozens of advanced features and built-in codecs it can handle any media format. Software...
JVN#28973089: SemanticScuttle vulnerable to cross-site scripting
SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
net2ftp 0.98 (stable) - admin1.template.php Local/Remote File Inclusion
net2ftp 0.98 stable - admin1.template.php Local/Remote File Inclusion source: https://www.securityfocus.com/bid/45312/info The 'net2ftp' program is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-suppli...
Mandriva Update for fastjar MDVSA-2010:122 (fastjar)
Check for the Version of fastjar OpenVAS Vulnerability Test Mandriva Update for fastjar MDVSA-2010:122 fastjar Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Directory traversal
Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this...
Path traversal
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an...
CVE-2010-2322
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an...
CVE-2010-2322
CVE-2010-2322 is a path traversal vulnerability in the FastJar 0.98 extract_jar implementation (jartool.c). The flaw allows remote attackers to create or overwrite arbitrary files inside a .jar by supplying a full pathname for a file within the archive. This issue is related to (and caused by) an...
CVE-2007-2265
Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php...