20 matches found
CVE-2024-47332
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through <= 2.5.11...
emlog security vulnerability
emlog is an open-source CMS site-building system based on PHP and MySQL. A security vulnerability exists in version 2.5.11 of emlog, which stems from incorrect handling of the parameter tag in the file /include/controller/apicontroller.php, leading to SQL injection...
CVE-2024-9201 SQL injection vulnerability in SEUR plugin
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘idorder’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint...
SEUR plugin SQL injection vulnerability
SEUR plugin is a PrestaShop plugin from SEUR. A SQL injection vulnerability exists in SEUR plugin versions prior to 2.5.11, which stems from a time-based SQL injection attack via the idorder parameter...
PT-2024-39484 · Unknown · Seur Plugin
Name of the Vulnerable Software and Affected Versions: SEUR plugin versions prior to 2.5.11 Description: The SEUR plugin is vulnerable to time-based SQL injection through the use of the id order parameter of the "/modules/seur/ajax/saveCodFee.php" endpoint. This issue affects versions prior to...
CVE-2024-47332
Improper Neutralization of Input During Web Page Generation ('XSS' or 'Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11...
WordPress Sky Addons for Elementor plugin <= 2.5.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Sky Addons for Elementor (versions <= 2.5.11)...
Symfony has unsafe methods in the Request class
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not maintain...
XoopsCore25 2.5.11 Cross Site Scripting
Title: XoopsCore25-2.5.11-XSS-Reflected Author: nu11secur1ty Date: 02/12/2024 Vendor: https://xoops.org/ Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11 Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The value of the yname...
WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS)
Software: Jobs for WordPress; Type: Plugin; Vulnerable versions: <= 2.5.10.2; Fixed in: 2.5.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26017; Patch priority: Low; CVSS severity: Low (5.9); PSID: 8b238ad29bbd; Credits: yuyudhn; Required...
OpenLDAP SQLi Vulnerability (May 2022)
OpenLDAP is prone to an SQL injection (SQLi) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +11850 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=1.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-web MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =1.4.2, =1.6.6, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory:...
CVE-2018-6806
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...
Easy DVD Creator 2.5.11 - Buffer Overflow (SEH) Exploit
Exploit for Windows platform in category local exploits. #!/usr/bin/python Exploit Title: Easy DVD Creator 2.5.11 - Buffer Overflow (Windows 10 64bit, SEH) Date: 26-08-2017 Exploit Author: tr0ubl3m4k3r Vulnerable Software: Easy DVD Creator Vendor Homepage: http://www.divxtodvd.net/ Version: 2.5.11...
Easy DVD Creator 2.5.11 Buffer Overflow
#!/usr/bin/python Exploit Title: Easy DVD Creator 2.5.11 - Buffer Overflow (Windows 10 64bit, SEH) Date: 26-08-2017 Exploit Author: tr0ubl3m4k3r Vulnerable Software: Easy DVD Creator Vendor Homepage: http://www.divxtodvd.net/ Version: 2.5.11 Software Link: http://www.divxtodvd.net/easydvdcreator.exe...
Easy DVD Creator 2.5.11 - Local Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title: Easy DVD Creator 2.5.11 - Buffer Overflow (Windows 10 64bit, SEH) Date: 26-08-2017 Exploit Author: tr0ubl3m4k3r Vulnerable Software: Easy DVD Creator Vendor Homepage: http://www.divxtodvd.net/ Version: 2.5.11 Software Link: http://www.divxtodvd.net/easydvdcreator.exe...
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH) #!/usr/bin/python Exploit Title: Easy DVD Creater 2.5.11 - 'Enter User Name' Field Buffer Overflow (SEH) Date: 19-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy DVD Creater Vendor Homepage:...
Design/Logic Flaw
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
PT-2015-5706 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.6.X. Description: The issue affects the Symfony\Component\HttpFoundation\Request class, which has a mechanism to ensure it does not trust HTTP header values coming from a "non-trusted"...
Cross site scripting
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a...