335 matches found
PT-2022-24230 · WordPress · Analytify
Name of the Vulnerable Software and Affected Versions: Analytify plugin versions = 4.2.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to...
Cross site scripting
mxGraph v4.2.2 was discovered to contain a cross-site scripting XSS vulnerability via the setTooltips function...
PT-2022-25387 · Mxgraph · Mxgraph
Name of the Vulnerable Software and Affected Versions: mxGraph version 4.2.2 Description: The issue is related to a cross-site scripting XSS vulnerability. It occurs via the setTooltips function, which is susceptible to XSS attacks. Recommendations: For mxGraph version 4.2.2, consider disabling t...
Joomla JoomRecipe 4.2.2 Cross Site Scripting Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : JoomBoost │ │ Software :...
CVE-2022-3268 Weak Password Requirements in ikus060/minarca
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2...
CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...
[SECURITY] Fedora 36 Update: cheat-4.2.2-4.fc36
Cheat allows you to create and view interactive cheatsheets on the command- line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember...
CVE-2022-31044
The CVE-2022-31044 issue affects Rundeck where the Key Storage converter plugin mechanism was not enabled correctly in versions 4.2.0 and 4.2.1, causing the encryption layer for Key Storage to potentially not work and allowing credentials created or overwritten in these releases to be written in ...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (=5.1.0), ca.uhn.hapi.fhir:hapi-fhir-cli-jpaserver (=5.1.0) +152 more potentially affected by CVE-2020-5411 via org.springframework.batch:spring-batch-core (>=4.0.0.RELEASE <=4.2.2.RELEASE)
org.springframework.batch:spring-batch-core MAVEN version =4.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =4.2.0, =4.2.0, =3.0.0, =2020.08.001 and more Source cves: CVE-2020-5411 Source advisory: OSV:GHSA-4PH4-Q9R5-6WM6...
am.ik.home:uaa-client (>=1.3.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.3.0 <=1.9.0) +1073 more potentially affected by CVE-2017-4995 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.2.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =1.1.1, =0.2.0, =1.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.5, =A.1.1.1, =A.2.0.0, =A.1.1.1, =A.2.0.0, =A.2.0.0.RC1 and more Source cves: CVE-2017-4995 Source advisory: OSV:GHSA-VHRG-V3CV-P247...
CVE-2021-28962
Stormshield Network Security SNS before 4.2.2 allows a read-only administrator to gain privileges via CLI commands...
Stormshield Network Security 命令注入漏洞
Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A command injection vulnerability exists in Stormshield Network Security because the product does not effectively restrict command line input data. The vulnerability can b...
PT-2022-9906 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions prior to 4.2.2 Description: The issue allows a read-only administrator to gain privileges via CLI commands. Recommendations: For versions prior to 4.2.2, update to version 4.2.2 or later to resolve th...
CVE-2021-45885
An issue was discovered in Stormshield Network Security SNS 4.2.2 through 4.2.7 fixed in 4.2.8. Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...
CVE-2021-45885
An issue was discovered in Stormshield Network Security SNS 4.2.2 through 4.2.7 fixed in 4.2.8. Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...
GHSA-HXJ6-V58R-CQV3 Cross Site Scripting in Subrion CMS
Cross Site Scripting XSS vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file...
Command injection
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
CVE-2021-32594
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files...
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...