CVE-2024-44008

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through = 1.13.12...

WordPress plugin Geo Mashup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Geo Mashup plugin <= 1.13.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Geo Mashup versions = 1.13.12...

WordPress Geo Mashup Plugin <= 1.13.12 is vulnerable to Cross Site Scripting (XSS)

Software Geo Mashup Type Plugin Vulnerable versions = 1.13.12 Fixed in 1.13.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44008 Patch priority Low CVSS severity Low 6.5 Developer Dylan Kuhn PSID d830e975a22f Credits LVT-tholv2k Required privilege Contributor...

GHSA-6P62-6CG9-F5F5 Memory exhaustion in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of...

WordPress Geo Mashup Plugin < 1.13.12 is vulnerable to Cross Site Scripting (XSS)

Software Geo Mashup Type Plugin Vulnerable versions 1.13.12 Fixed in 1.13.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Dylan Kuhn PSID 0cbe2859392c Credits Rafie Muhammad Patchstack Required...

dbus authentication bypass vulnerability

D-Bus is an inter-process communication mechanism provided by the freedesktop.org project and distributed under the GPL license. An authentication bypass vulnerability exists in dbus versions prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12 in Ubuntu. The vulnerability stems...

PT-2018-11275

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 1.13 prior to 1.13.12 Spring Data Commons versions 2.0 prior to 2.0.7 Description The issue is caused by improper restriction of XML external entity references in the underlying library XMLBeam, which does not...

WordPress UpdraftPlus Plugin Server-Side Request Forgery Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.UpdraftPlus plugin is used in one of the WordPress backup plugin. WordPress UpdraftPlus plugin 1.13.12 and earlier...

PT-2017-14608 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue allows remote PHP code execution due to a race condition in the plupload action function before deleting a file associated with the name parameter in...

PT-2017-14607 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery SSRF in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...

java-1.6.0-openjdk security update

1:1.6.0.40-1.13.12.4.0.1 - Add oracle-enterprise.patch 1:1.6.0.40-1.13.12.4 - Bump source tarballs to try and really fix TCK failures this time. - Resolves: rhbz1350043 1:1.6.0.40-1.13.12.3 - Bump source tarballs to missing -DNDEBUG on JDK native code. - Resolves: rhbz1350043 1:1.6.0.40-1.13.12.2...