CVE-2020-10045
A vulnerability has been identified in SICAM MMU (all versions < V2.05), SICAM SGU (all versions), and SICAM T (all versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application...
CVE-2025-10045 onOffice for WP-Websites <= 5.7 - Authenticated (Editor+) SQL Injection
The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress onOffice for WP-Websites plugin <= 6.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dutafi in WordPress Plugin onOffice for WP-Websites versions <= 6.5.1...
CVE-2019-10045
The "action" getsessid in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her if the session is...
CVE-2015-10045
A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to SQL injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...
CVE-2024-10045
| creationtimestamp | type | source |
|---|---|---|
| 2024-10-23 10:41:53+00:00 | seen | https://t.me/cvedetector/8679... |
CVE-2024-10045 Transients Manager <= 2.0.6 - Cross-Site Request Forgery
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...
WordPress Transients Manager Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Transients Manager. Type: Plugin. Vulnerable versions: <= 2.0.6. Fixed in: 2.0.7. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2024-10045. Patch priority: Low. CVSS severity: Low (4.3). PSID: 3cec6ef3dda4. Credits: David Gallagher...
Ubuntu: Security Advisory (USN-5956-2)
The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only) ...
Ubuntu: Security Advisory (USN-5956-1)
The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only) ...
K73926196: PHPMailer vulnerability CVE-2016-10045
Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...
CVE-2015-10045
CVE-2015-10045 affects the tutrantta project_todolist, specifically the library/Database.php function getAffectedRows/where/insert/update. The issue is a SQL injection vulnerability reported as critical. A patch named 194a0411bbe11aa4813f13c66b9e8ea403539141 is recommended to fix the issue. Publi...
CVE-2015-10045 tutrantta project_todolist Database.php update sql injection
A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to SQL injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...
Metasploit Weekly Wrap-Up
SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement...
AZL-10045 CVE-2022-33099 affecting package lua for versions less than 5.4.3-4
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
Siemens SICAM MMU, SICAM T, and SICAM SGU Authentication Bypass By Capture-Replay (CVE-2020-10045)
A vulnerability has been identified in SICAM MMU (all versions < V2.05), SICAM SGU (all versions), and SICAM T (all versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. This plugin onl...
CVE-2020-10045
The CVE affects Siemens SICAM MMU (all versions before 2.05), SICAM SGU (all versions), and SICAM T (all versions before 2.18). Root cause is an error in the challenge-response procedure allowing replay of authentication traffic to reach protected web areas, effectively enabling an authentication...
GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer
Impact: The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. Patches: Fixed in 5.2.18. Workaround...
Remote code execution in PHPMailer
Impact: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in...
GHSA-4PC3-96MX-WWC8 Remote code execution in PHPMailer
Impact: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in...