12 matches found
Cuppa CMS v1.0 - Local File Inclusion
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...
CVE-2019-25485
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
CVE-2019-25485
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
CVE-2021-25485
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...
CVE-2023-25485
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions...
CVE-2023-25485
The CVE-2023-25485 entry concerns the WordPress JSON Content Importer plugin (versions
CVE-2023-25485 WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions...
WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: JSON Content Importer; Type: Plugin; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25485; Patch priority: Low; CVSS severity: Low (5.9); PSID: 8e9e1b4a066a; Credits: Rio Darmawan...
CVE-2022-25485
creationtimestamp | type | source
---|---|---
2022-03-15 21:19:38+00:00 | seen | https://t.me/cibsecurity/38964
2025-01-26 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-26 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities -...
CVE-2021-25485
creationtimestamp | type | source
---|---|---
2021-10-06 22:32:17+00:00 | seen | https://t.me/cibsecurity/30085...
CVE-2021-25485
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...
CVE-2021-25485
CVE-2021-25485 corresponds to a path-traversal vulnerability in FactoryAirCommnadManger, exploitable via a Bluetooth remote socket to write files as the system UID. Affected firmware/product versioning is described as prior to Samsung SMR Oct-2021 Release 1. The connected sources consistently ide...