20 matches found
CVE-2024-12872
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-12872
CVE-2024-12872 affects the Zalomení WordPress plugin (versions up to 1.5). The issue stems from insufficient sanitisation/escaping of certain settings, allowing a high-privilege user (e.g., an admin) to perform Stored Cross-Site Scripting, even when unfiltered_html is disallowed (notably in multi...
CVE-2020-12872
creationtimestamp | type | source
---|---|---
2024-01-08 12:19:23+00:00 | seen | https://t.me/ETHICALHACKERSCOMMUNITY2/3548...
Oracle Linux 8 : glibc (ELSA-2023-12872)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12872 advisory. - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode. - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). - CVE-2023-4813:...
Debian: Security Advisory (DLA-1205-1)
The remote host is missing an update for the Debian...
[ASA-202009-14] yaws: multiple issues
Arch Linux Security Advisory ASA-202009-14
Severity: High
Date : 2020-09-26
CVE-ID : CVE-2020-12872 CVE-2020-24379 CVE-2020-24916
Package : yaws
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1228
Summary: The packag...
CVE-2020-12872
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
CVE-2020-12872
CVE-2020-12872 affects the Yaws web server (Erlang) via yaws_config.erl in versions up to 2.0.7, which load obsolete TLS ciphers that enable Sweet32 attacks. Public advisories (e.g., Arch Linux ASA-202009-14) and OSV/NVD entries confirm the issue and note fixed upstream in 2.0.8; upgrading to 2.0...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp...
CVE-2019-12872
DotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker with Publisher role via view_unpushed_bundles.jsp. Root cause described in CNVD note as lack of validation of externally entered SQL statements in database-based apps. Impact per sources is execution of il...
CVE-2018-12872
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2018-12872
CVE-2018-12872 affects Adobe Acrobat/Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier. Root cause: out-of-bounds read, leading to potential information disclosure. No exploitation details provided in the sources. APSB18-30 references fixes; re...
Debian DLA-1408-1 : simplesamlphp security update
CVE-2017-12872 / CVE-2017-12868 The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret...
[SECURITY] [DLA 1408-1] simplesamlphp security update
Package : simplesamlphp
Version : 1.13.1-2+deb8u2
CVE ID : CVE-2017-12868 CVE-2017-12872
CVE-2017-12872 / CVE-2017-12868 The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867 The SimpleSAML_Auth_TimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
[SECURITY] [DLA 1205-1] simplesamlphp security update
Package : simplesamlphp
Version : 1.9.2-1+deb7u1
CVE ID : CVE-2017-12867 CVE-2017-12868 CVE-2017-12869 CVE-2017-12872 CVE-2017-12873 CVE-2017-12874
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information...
CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
CVE-2017-12872
CVE-2017-12872 affects SimpleSAMLphp (