
21 matches found

CNNVD
added 2024/12/09 12:0 a.m. | 1 views

WordPress plugin WC Marketplace Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.2 | AI score 8.7 | EPSS 0.00202
Exploits 0 | References 1

Positive Technologies
added 2024/12/09 12:0 a.m. | 1 views

PT-2024-14085 · Unknown · Multivendorx Wc Marketplace

Name of the Vulnerable Software and Affected Versions: MultiVendorX WC Marketplace versions n/a through 4.0.23
Description: The issue is related to a Missing Authorization vulnerability in MultiVendorX WC Marketplace, which allows exploiting incorrectly configured access control security levels...

CVSS 8.2 | AI score 9.3 | EPSS 0.00202
Exploits 0 | References 5

OSV
added 2024/03/21 3:16 p.m. | 0 views

CVE-2024-27995

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restrictio...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1

NVD
added 2024/03/21 3:16 p.m. | 10 views

CVE-2024-27995

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restrictio...

CVSS 5.9 | AI score 5.7 | EPSS 0.00111
Exploits 0 | References 1

Patchstack
added 2024/03/15 12:0 a.m. | 7 views

WordPress ARMember Plugin <= 4.0.23 is vulnerable to Cross Site Scripting (XSS)

Software: ARMember; Type: Plugin; Vulnerable versions: <= 4.0.23; Fixed in: 4.0.24; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27995; Patch priority: Low; CVSS severity: Low (5.9); PSID: a530dd76b60e; Credits: Van Lyubov; Required privilege: Administrator...

CVSS 5.9 | AI score 6.6 | EPSS 0.00111
Exploits 0 | References 2 | Affected Software 1

SUSE CVE
added 2023/02/15 6:18 a.m. | 1 views

SUSE CVE-2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack...

CVSS 2.1 | AI score 6.6 | EPSS 0.00452
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 4:20 a.m. | 1 views

SUSE CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via...

CVSS 5.4 | AI score 7 | EPSS 0.65998
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 4:11 a.m. | 1 views

SUSE CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...

CVSS 9.8 | AI score 7.4 | EPSS 0.1216
Exploits 0 | References 6

OpenVAS
added 2021/11/11 12:0 a.m. | 11 views

Samba Privilege Escalation Vulnerability (CVE-2014-8143)

In Samba Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the...

CVSS 8.5 | AI score 7.5 | EPSS 0.04898
Exploits 0 | References 1

CNVD
added 2019/07/15 12:0 a.m. | 1 views

Squid Buffer Overflow Vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A buffer overflow vulnerability exists in Squid versions 4.0.23 through 4.7. The vulnerability originates when a netwo...

CVSS 8.8 | AI score 6.7 | EPSS 0.1216
Exploits 0 | References 1

OSV
added 2018/02/09 11:29 p.m. | 1 views

DEBIAN-CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server...

CVSS 7.5 | AI score 7 | EPSS 0.09177
Exploits 0 | References 1

OSV
added 2018/02/09 11:29 p.m. | 0 views

ALPINE-CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server...

CVSS 7.5 | AI score 7 | EPSS 0.09177
Exploits 0 | References 1

OpenVAS
added 2018/02/07 12:0 a.m. | 43 views

Squid Security Update Advisory (SQUID-2018:1)

Squid is vulnerable to a denial of service attack when processing ESI responses. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.4 | EPSS 0.09177
Exploits 0 | References 1

OpenVAS
added 2017/06/12 12:0 a.m. | 715 views

OTRS 3.3.x <= 3.3.16, 4.x <= 4.0.23, 5.x <= 5.0.19 Privilege Escalation Vulnerability

OTRS is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...

CVSS 8.8 | AI score 8.8 | EPSS 0.01363
Exploits 1 | References 1

Tenable Nessus
added 2015/04/29 12:0 a.m. | 25 views

Request Tracker 4.0.x < 4.0.23 / 4.2.x < 4.2.10 Multiple Vulnerabilities

According to its self-reported version number, the Best Practical Solutions Request Tracker (RT) running on the remote web server is version 4.0.x prior to 4.0.23 or version 4.2.x prior to 4.2.10. It is, therefore, potentially affected by the following vulnerabilities: - A flaw exists in the email...

CVSS 7.1 | AI score 7.8 | EPSS 0.00875
Exploits 0 | References 4

Prion
added 2015/03/09 2:59 p.m. | 25 views

Design/Logic Flaw

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL...

CVSS 6.4 | AI score 7 | EPSS 0.00347
Exploits 0 | References 4 | Affected Software 2

seebug.org
added 2008/07/05 12:0 a.m. | 17 views

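MySQL udf_init function Information Disclosure

MySQL 4.0.23 and earlier and 4.1.10 and earlier contain an information disclosure weakness. The problem lies in the udfinit function in sqludf.cc, which lacks proper validation when checking directory separators, leading to an information leak. A local attacker who has INSERT and DELETE privileges can use CREATE FUNCTION to call the libc library and thereby execute arbitrary code. MySQL 4.0.23 and earlier and 4.1.10 and earlier. See the MySQL 4.0 and 4.1 Downloads and upgrade to 4.0.24, 4.1.10a, or the latest MySQL version...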

AI score 7
Exploits 0

seebug.org
added 2007/05/18 12:0 a.m. | 21 views

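MySQL Security Invoker Privilege Escalation Vulnerability

MySQL is an open-source database program. MySQL does not correctly restore access privileges in some function routines; remote attackers can exploit the vulnerability to elevate privileges and carry out further attacks. No detailed vulnerability information is currently available. MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1...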

AI score 7
Exploits 0

UbuntuCve
added 2005/05/02 4:0 a.m. | 28 views

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...

CVSS 4.6 | AI score 5.9 | EPSS 0.17936
Exploits 1 | References 2

CVE
added 2005/03/11 5:0 a.m. | 82 views

CVE-2005-0711

The CVE-2005-0711 issue affects MySQL versions 4.0.23 and earlier, and 4.1.x up to 4.1.10. It stems from using predictable file names when creating temporary tables, allowing a local user with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. The description doe...

CVSS 2.1 | AI score 8.6 | EPSS 0.00452
Exploits 1 | References 14 | Affected Software 2