26 matches found
CVE-2020-13504
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
CVE-2024-13504
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13504
creationtimestamp | type | source
---|---|---
2025-01-31 05:38:18+00:00 | seen | https://infosec.exchange/users/cve/statuses/113921353183294059
2025-01-31 06:16:31+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdxx6nbt2r
2025-01-31 07:24:02+00:00 | ...
CVE-2024-13504 Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13504
CVE-2024-13504 relates to the Shared Files – Frontend File Upload Form & Secure File Sharing WordPress plugin (versions up to 1.7.42). The vulnerability is a stored XSS via dfxp file uploads caused by insufficient input sanitization and output escaping, affecting Apache-based environments. Exploi...
CVE-2024-13504 Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for...
Debian dla-3265 : exiv2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3265 advisory. Debian LTS Advisory DLA-3265-1...
CVE-2020-13504
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
CVE-2020-13504
CVE-2020-13504 pertains to Aveva eDNA Enterprise Data Historian ednareporting.asmx and covers an unauthenticated SQL injection vulnerability in the AttFilterValue parameter (also related CVEs 13503, 13505, 13521 as per TALOS TALOS-2020-1108). The Talos report documents multiple SQL injection vect...
CVE-2020-13504
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities
Talos Vulnerability Report TALOS-2020-1108: Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities. September 23, 2020. CVE Number: CVE-2020-13503, CVE-2020-13504, CVE-2020-13505, CVE-2020-13521. Summary: Multiple SQL injection vulnerabilities exist in the...
Debian: Security Advisory (DLA-1855-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 1855-1] exiv2 security update
Package: exiv2. Version: 0.24-4.1+deb8u4. CVE ID: CVE-2019-13504. It was discovered that there was an integer overflow vulnerability in exiv2, a tool to manipulate images containing e.g. EXIF metadata. This could have resulted in a denial of service via a specially-crafted file. For Debian 8...
CVE-2019-13504
creationtimestamp | type | source
---|---|---
2019-07-11 22:06:43+00:00 | seen | https://t.me/canyoupwnme/5738
2019-07-12 05:23:43+00:00 | published-proof-of-concept | https://t.me/antichat/5837
2019-07-12 09:52:27+00:00 | seen | https://t.me/thebugbountyhunter/2870
...
CVE-2019-13504
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2...
AZL-7203 CVE-2019-13504 affecting package exiv2 for versions less than 0.27.5-1
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2...
DEBIAN-CVE-2019-13504
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2...
CVE-2019-13504
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2...
CVE-2019-13504
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2...
CVE-2019-13504
Exiv2 CVE-2019-13504 is an out-of-bounds read in Exiv2::MrwImage::readMetadata (mrwimage.cpp) present in Exiv2 up to version 0.27.2. Connected sources indicate vulnerable Exiv2 readers handle MRW metadata and that the issue can affect installations using Exiv2 prior to fixes. Debian and Alpine ad...