17 matches found
CVE-2025-13393
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
CVE-2024-13393
creationtimestamp| type| source
---|---|---
2025-01-18 07:16:14+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfyraqyhek2t
2025-01-18 07:23:39+00:00| seen| https://infosec.exchange/users/cve/statuses/113848157404077718
2025-01-18 07:39:19+00:00| seen|...
CVE-2024-13393
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-13393
CVE-2024-13393 affects the Video Share VOD – Turnkey Video Site Builder Script WordPress plugin. The vulnerability is Stored Cross-Site Scripting via the videowhisper_videos shortcode in all versions up to 2.6.31, caused by insufficient input sanitization and output escaping of user-supplied attr...
CVE-2024-13393 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-13393 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied...
CVE-2020-13393
creationtimestamp| type| source
---|---|---
2020-05-27 07:55:31+00:00| seen| https://t.me/cibsecurity/12298
2025-02-11 20:09:33+00:00| seen| https://bsky.app/profile/r-netsec.bsky.social/post/3lhwhnmxiny23...
CVE-2020-13393
CVE-2020-13393 affects multiple Tenda routers (e.g., AC6/AC9/AC15/AC18) where the httpd web server mishandles POST data to /goform/saveParentControlInfo. The root cause is a buffer overflow: a value from the deviceId and time parameters is copied via strcpy into a stack variable, overwriting the ...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
CVE-2019-13393
Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2019-13393)
Adobe Acrobat is PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an out-of-bounds read vulnerability. An attacker can exploit this vulnerability to obtain information...
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF)...
CVE-2018-13393
The CVE-2018-13393 vulnerability concerns Atlassian Confluence Questions prior to version 2.6.6. The issue is a CSRF flaw in the convertCommentToAnswer resource that could let a remote attacker modify a user’s comment into an answer. Atlassian notes a fixed version in Confluence 6.9.0, with the v...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
Fedora Core 12 FEDORA-2009-13393 (rubygem-actionpack)
The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-13393. OpenVAS Vulnerability Test $Id: fcore200913393.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13393 rubygem-actionpack Authors: Thomas Reinke...