166 matches found
WordPress plugin EventPrime security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-11569 · Nuki · Nuki Smart Lock 2.0 +1
Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock 3.0 versions 3.0 through 3.3.4 Nuki Smart Lock 2.0 versions 2.0 through 2.12.3 Description: An issue was discovered on certain Nuki Home Solutions devices, where it is possible to send multiple BLE malformed packets to block...
WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Booking Price Manipulation vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin EventPrime versions = 3.3.4...
WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion
Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3136 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0e613f9f337e Credits Hiroho Shimada Required privilege...
WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...
CVE-2023-48331
Cross-Site Request Forgery CSRF vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4...
WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ac06dff1976c Credits Nguyen Xuan...
Apache Hadoop allows local user to gain root privileges
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
Apache Hadoop Code Issue Vulnerability
Apache Hadoop is a set of open source distributed systems infrastructure of the U.S. Apache Apache Foundation. It is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, and high fault tolerance. A security vulnerability exists in...
WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 3.3.4 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c0214c70fb9b Credits Rafie Muhammad Patchstac...
PT-2023-26332
Name of the Vulnerable Software and Affected Versions coreruleset aka OWASP ModSecurity Core Rule Set versions 3.3.4 and earlier Description The issue allows attackers to potentially bypass a Web Application Firewall WAF using a crafted payload, exploiting "Content-Type confusion" between the WAF...
OWASP ModSecurity Core Rule Set 安全漏洞
The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set 3.3.4 and earlier versions that stems from not blocking multiple Content-Type...
CVE-2023-36521
A vulnerability has been identified in SIMATIC MV540 H All versions V3.3.4, SIMATIC MV540 S All versions V3.3.4, SIMATIC MV550 H All versions V3.3.4, SIMATIC MV550 S All versions V3.3.4, SIMATIC MV560 U All versions V3.3.4, SIMATIC MV560 X All versions V3.3.4. The result synchronization server of...
PT-2023-24194 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...
PT-2023-24195 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.4 Description: A SQL injection issue was discovered in the nameFilter function, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical...
OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
CVE-2023-25049
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.4 versions...
WordPress affiliate-toolkit Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)
Software affiliate-toolkit Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23786 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35eed840e2de Credits yuyudhn Required...
WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Broken Access Control
Software Real Estate 7 Type Theme Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 5.8 Developer Claim ownership PSID a71c4c5edd92 Credits RE-ALTER Required privilege Unauthenticat...
SUSE CVE-2013-7338
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a file size value larger than the size of the zip file to the 1 ZipExtFile.read, 2 ZipExtFile.readn, 3 ZipExtFile.readlines, 4 ZipFile.extract, or 5 ZipFile.extractall function...