129 matches found
MiracleLinux 3 : apr-util-1.2.7-7AXS3.1 (AXSA:2009-69:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-69:01 advisory. The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utilit...
EUVD-2013-1956
Malware in sbrugna...
CVE-2024-1956
The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...
CVE-2021-1956
Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs which concatenate an OS command with the user input string; a user is likely to be able to execute any OS command without any protection or validation...
CVE-2002-1956
ROX Filer 1.1.9 and 1.2 is installed with world-writable permissions, which allows local users to write to arbitrary files...
CVE-2025-1956
creationtimestamp | type | source
---|---|---
2025-03-04 22:33:35+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6461
2025-03-04 23:30:46+00:00 | published-proof-of-concept | Telegram/kKmhqMAO0G41xSuzHMEpIuMySOUPwocgu6rbuAMEaHx4Gt4
2025-03-04 23:54:11+00:00 | seen | ...
CVE-2025-1956
CVE-2025-1956 affects code-projects Shopping Portal 1.0. The vulnerability is an SQL injection in the Login component, triggered by manipulating the password parameter in /Shopping/Admin/index.php. Exploitation is possible remotely, and public disclosure of the exploit is indicated. Connected doc...
CVE-2025-1956 code-projects Shopping Portal Login index.php sql injection
A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. This affects an unknown part of the file /Shopping/Admin/index.php of the component Login. The manipulation of the argument password leads to SQL injection. It is possible to initiate the attack remotely...
In Memoriam: Ross Anderson, 1956–2024
Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here's the longer version. EDITED TO ADD 4/11: Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story...
CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS
The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...
CVE-2024-1956
CVE-2024-1956 affects the WordPress plugin WPB Show Core prior to version 2.7. The vulnerability is a reflected XSS caused by insufficient sanitization/escaping of parameters in responses to unauthenticated requests. Multiple sources (Red Hat, CVE lists, Patchstack, WPVulndb) confirm the issue an...
WordPress WPB Show Core Plugin < 2.7 is vulnerable to Cross Site Scripting (XSS)
Software: WPB Show Core; Type: Plugin; Vulnerable versions: 2.7; Fixed in: 2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1956; Patch priority: Low; CVSS severity: Low 7.1; PSID: bfdeecd15ddf; Credits: Bob Matyas; Required privilege...
Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)
The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some RESTful APIs concatenating OS commands with user inpu...
SUSE: Security Advisory (SUSE-SU-2023:1956-1)
The remote host is missing an update for the...
CVE-2023-1956
creationtimestamp | type | source
---|---|---
2023-04-08 14:28:38+00:00 | seen | https://t.me/cibsecurity/61706...
CVE-2023-1956
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deleteimg of the component Image Handler. The manipulation of the argument path leads to path...