37 matches found
CVE-2025-12636

creationtimestamp| type| source
---|---|---
2025-11-06 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02
2025-11-07 00:41:03+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4ytqvyvy7i2
2025-11-07 02:08:52+00:00| seen| ...

CVE-2024-12636
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'createpopupdeleteprocess' functio...
CVE-2024-12636
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'createpopupdeleteprocess' functio...
CVE-2024-12636 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'createpopupdeleteprocess' functio...
CVE-2019-12636

creationtimestamp| type| source
---|---|---
2024-01-15 15:41:38+00:00| seen| https://t.me/ctinow/168420...

SUSE CVE-2017-12636
CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...
CVE-2018-12636

creationtimestamp| type| source
---|---|---
2021-07-28 16:34:38+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/159...

CVE-2019-12636
Cisco CVE-2019-12636 is a CSRF vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches (250, 350, 550X series). The issue stems from insufficient CSRF protections, enabling an unauthenticated, remote attacker to trick a user into visiting a malicious...
Apache CouchDB - Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache CouchDB Arbitrary Command Execution', 'Description' = %q CouchDB administrative users can configure the database server via HTTPS. Some of...
FreeBSD : couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases. (C) Tenable Network Security, Inc. The descriptive text and...
Input validation
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-8007
Apache CouchDB contains a privilege-escalation path where an administrator can modify HTTP-configured settings despite a blacklist, potentially elevating to the OS user that CouchDB runs under and leading to arbitrary remote code execution. The issue stems from insufficient validation of administ...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
WordPress iThemes Security Plugin SQL Injection (CVE-2018-12636)
A SQL injection vulnerability exists in WordPress iThemes Security Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2018-12636
The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...
Apache CouchDB Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
Apache CouchDB < 2.1.0 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1....
Apache CouchDB < 2.1.0 - Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
Apache CouchDB 2.1.0 - Remote Code Execution
Apache CouchDB 2.1.0 - Remote Code Execution Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on...