14 matches found
WordPress plugin Flash & HTML5 Video Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability exists...
PT-2024-30486 · Unknown · Flash & Html5 Video
Name of the Vulnerable Software and Affected Versions: Flash & HTML5 Video versions 2.5.31 and earlier. Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where data that should be kept private is made accessible to individuals wh...
WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure
Software: Flash & HTML5 Video; Type: Plugin; Vulnerable versions: <= 2.5.31; Fixed in: 2.5.32; OWASP Top 10: A4: Insecure Design; Classification: Sensitive Data Exposure; CVE: CVE-2024-43319; Patch priority: Low; CVSS severity: Low (4.3); PSID: e3846f722ce9; Credits: Ananda Dhakal Patchstack...
WordPress Flash & HTML5 Video Plugin <= 2.5.30 is vulnerable to Broken Access Control
Software: Flash & HTML5 Video; Type: Plugin; Vulnerable versions: <= 2.5.30; Fixed in: 2.5.31; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43296; Patch priority: Low; CVSS severity: Low (4.3); PSID: 14d9f8844f5d; Credits: Ananda Dhakal Patchstac...
Code injection
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...
CVE-2023-47102
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...
UrBackup Security Vulnerability
UrBackup is an open source backup and recovery system for multiple platforms. A security vulnerability exists in UrBackup Server version 2.5.31, which stems from a failure message that confirms an invalid username and can be exploited by an attacker to brute force enumerate user accounts...
PT-2023-30310 · Unknown · Urbackup Server
Name of the Vulnerable Software and Affected Versions: UrBackup Server version 2.5.31. Description: The issue allows for brute-force enumeration of user accounts. This is possible because a failure message confirms when a username is not valid. Recommendations: For UrBackup Server version 2.5.31,...
SUSE CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
SUSE CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a...
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
PT-2022-28184 · Ez Systems +1 · Ez Platform +1
Name of the Vulnerable Software and Affected Versions: Ibexa DXP versions 3.3. through 3.3.27; Ibexa DXP versions 4.2. through 4.2.2; eZ Platform versions 2.5. through 2.5.30. Description: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...