
137 matches found

Nuclei
added 16 hours ago | 18 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

CVSS 7.5 | AI score 5.9 | EPSS 0.05742
Exploits: 1 | References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 4 : thunderbird-38.7.0-1.AXS4 (AXSA:2016-141:03)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-141:03 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2016-1952 Multiple unspecified...

CVSS 9.3 | AI score 8.5 | EPSS 0.86455
Exploits: 9 | References: 23
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. CVE-2020-195...

CVSS 9.8 | AI score 8.1 | EPSS 0.88599
Exploits: 1 | References: 2
Schneier on Security
added 2025/07/28 7:0 p.m. | 1 views

That Time Tom Lehrer Pranked the NSA

Bluesky thread. Here's the paper, from 1957. Note reference 3...

AI score 7.3
Exploits: 0
RedhatCVE
added 2025/05/22 7:5 p.m. | 3 views

CVE-2021-1957

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVSS 6.5 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 1
Circl
added 2025/03/04 10:33 p.m. | 1 views

CVE-2025-1957

creationtimestamp | type | source
---|---|---
2025-03-04 22:33:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6448
2025-03-05 00:12:41+00:00 | seen | https://t.me/cvedetector/19548
2025-08-18 18:31:00+00:00 | seen | MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7...

CVSS 5.1 | AI score 4.4 | EPSS 0.0022
Exploits: 1 | References: 2
Vulnrichment
added 2025/03/04 10:0 p.m. | 7 views

CVE-2025-1957 code-projects Blood Bank System o+.php cross site scripting

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...

CVSS 5.1 | AI score 6.6 | EPSS 0.0022
Exploits: 1 | References: 5
CVE
added 2025/03/04 10:0 p.m. | 50 views

CVE-2025-1957

The CVE-2025-1957 entry concerns code-projects Blood Bank System 1.0. Affected component: unknown code in /BBfile/Blood/o+.php, where manipulation of the Bloodname parameter enables cross-site scripting. Impact is described as low to moderate depending on data, with remote initiation and user int...

CVSS 5.1 | AI score 6.6 | EPSS 0.0022
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/03/04 10:0 p.m. | 11 views

CVE-2025-1957 code-projects Blood Bank System o+.php cross site scripting

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...

CVSS 5.1 | EPSS 0.0022
Exploits: 1 | References: 5
Patchstack
added 2024/04/15 12:0 a.m. | 7 views

WordPress GiveWP Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: GiveWP | Type: Plugin | Vulnerable versions: <= 3.6.1 | Fixed in: 3.7.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1957 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Liquid Web / StellarWP | PSID: f3cbd83f12af | Credits: Ngô Thiên An ancorn | Requir...

CVSS 6.4 | AI score 6 | EPSS 0.00216
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/04/13 1:57 a.m. | 64 views

CVE-2024-1957

CVE-2024-1957 concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress. It is a stored cross-site scripting (XSS) vulnerability in the plugin’s shortcodes, specifically via the ‘give_form’ shortcode in all versions up to and including 3.6.1, caused by insufficient input sanitizati...

CVSS 6.4 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 2 | Affected Software: 1
Circl
added 2023/04/08 2:28 p.m. | 0 views

CVE-2023-1957

creationtimestamp | type | source
---|---|---
2023-04-08 14:28:39+00:00 | seen | https://t.me/cibsecurity/61707...

CVSS 8.8 | AI score 6.9 | EPSS 0.00346
Exploits: 1 | References: 1
CVE
added 2023/04/08 10:31 a.m. | 103 views

CVE-2023-1957

CVE-2023-1957 affects SourceCodester Online Computer and Laptop Store v1.0. The SQL injection is triggered via the sub_category parameter in /classes/Master.php?f=save_sub_category (Subcategory Handler). Several sources describe remote exploitation, with high-severity impact on confidentiality, i...

CVSS 8.8 | AI score 7.7 | EPSS 0.00346
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2023/02/23 12:0 a.m. | 102 views

Amazon Linux 2 : ca-certificates (ALAS-2023-1957)

The version of ca-certificates installed on the remote host is prior to 2021.2.50-72. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1957 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while...

CVSS 7.5 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:39 a.m. | 2 views

SUSE CVE-2013-1957

The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace...

CVSS 4.7 | AI score 6 | EPSS 0.00039
Exploits: 0 | References: 4
IBM Security Bulletins
added 2023/01/17 5:37 p.m. | 11 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1957)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 5.5 | AI score 4.7 | EPSS 0.00066
Exploits: 0 | Affected Software: 1
CVE
added 2022/07/11 12:57 p.m. | 74 views

CVE-2022-1957

CVE-2022-1957 concerns the WordPress plugin Comment License prior to version 1.4.0. Affected component: the plugin’s settings update flow, which lacks CSRF verification. Root cause: missing CSRF check during settings updates. Impact: could allow an attacker to alter settings by inducing a logged-...

CVSS 4.3 | AI score 4.5 | EPSS 0.00103
Exploits: 2 | References: 1 | Affected Software: 1
Tenable Nessus
added 2022/06/01 12:0 a.m. | 29 views

Apache Shiro < 1.5.2 Authentication Bypass

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

CVSS 9.8 | AI score 8.2 | EPSS 0.88599
Exploits: 1 | References: 2
Cvelist
added 2021/09/09 7:35 a.m. | 16 views

CVE-2021-1957

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVSS 6.5 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 1
CVE
added 2021/09/09 7:35 a.m. | 81 views

CVE-2021-1957

CVE-2021-1957 is a Qualcomm Bluetooth vulnerability affecting Snapdragon devices (Auto, Compute, Connectivity, Industrial IOT, Mobile, Voice & Music). The root cause is improper access control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired de...

CVSS 6.5 | AI score 6.6 | EPSS 0.00061
Exploits: 0 | References: 1 | Affected Software: 1