104 matches found
CVE-2024-1759
The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Linux Distros Unpatched Vulnerability : CVE-2010-1759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1759)
The remote host is missing an update for the Huawei EulerOS...
WordPress WP ULike Plugin <= 4.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP ULike; Type: Plugin; Vulnerable versions: <= 4.6.9; Fixed in: 4.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1759; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: db48c23d8083; Credits: stealthcopter; Required...
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2022:1759)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1759 advisory. - A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the...
Amazon Linux AMI : postgresql92 (ALAS-2023-1759)
The version of postgresql92 installed on the remote host is prior to 9.2.24-3.69. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1759 advisory. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser...
SUSE SLES15 / openSUSE 15 Security Update : dpdk (SUSE-SU-2023:1759-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1759-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities.
CVE-2023-1759
creationtimestamp | type | source
---|---|---
2023-03-31 07:21:56+00:00 | seen | https://t.me/cibsecurity/61231...
CVE-2023-1759 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1759
CVE-2023-1759 is a stored cross-site scripting (XSS) vulnerability affecting phpMyFAQ versions prior to 3.1.12, reported across multiple feeds. The issue arises from storing user-supplied input without proper validation, enabling injection of script code in the affected application. The connected...
CVE-2022-1759 RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escap...
CVE-2022-1759
The CVE pertains to the WordPress plugin RB Internal Links (versions up to 2.0.16). The issue is a CSRF deficiency when updating plugin settings, enabling a logged-in attacker to induce an admin to modify settings, and it also enables Stored Cross-Site Scripting due to insufficient sanitisation/e...
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2022-1759)
The remote host is missing an update for the Huawei EulerOS...
Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2022-1759)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1759 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,...
CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:1759)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1759 advisory. - QEMU: block: fdc: null pointer dereference may lead to guest crash CVE-2021-20196 - ntfs-3g: Out-of-bounds heap buffer access in ntfsgetattributevalu...
CVE-1005-1759
The provided connected Ubuntu advisory (USN-171-1) details multiple PHP4-related issues tied to CVE-1005-1759. The php4-dev package ships shtool in /usr/lib/php4/build/, where shtool created temporary files insecurely, enabling a local symlink attack to write arbitrary files with the invoking use...
CVE-2019-1759
creationtimestamp | type | source
---|---|---
2021-10-26 20:35:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/268...