65 matches found

OSV
added yesterday | 3 views

MINI-2GFR-94Q2-4757

Bulletin has no description...

CVSS 9.1 | AI score 5.7 | EPSS 0.00054
Exploits: 0

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : cockpit-composer-41-1.el8, osbuild-composer-62-1.el8.ML.1, osbuild-65-1.el8.ML.2, weldr-client-35.5-4.el8 (AXSA:2023-4757:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4757:01 advisory. golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)...

CVSS 7.5 | AI score 6.6 | EPSS 0.00113
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 12:35 a.m. | 4 views

CVE-2022-4757

The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4 | AI score 5.9 | EPSS 0.00198
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 2:52 a.m. | 3 views

CVE-2012-4757

Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the...

CVSS 6.9 | AI score 6.8 | EPSS 0.00057
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:13 a.m. | 5 views

CVE-2005-4757

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" slash servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections...

CVSS 7.5 | AI score 7.1 | EPSS 0.00226
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/16 7:31 a.m. | 6 views

CVE-2025-4757 PHPGurukul Beauty Parlour Management System forgot-password.php sql injection

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploi...

CVSS 7.5 | AI score 7.6 | EPSS 0.00204
Exploits: 1 | References: 5

Cvelist
added 2025/05/16 7:31 a.m. | 14 views

CVE-2025-4757 PHPGurukul Beauty Parlour Management System forgot-password.php sql injection

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploi...

CVSS 7.5 | EPSS 0.00204
Exploits: 1 | References: 5

Circl
added 2025/04/11 10:51 p.m. | 0 views

RHSA-2024:4757

creationtimestamp | type | source
---|---|---
2025-04-11 22:51:32+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11502...

AI score 4.8
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-4757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown...

CVSS 3.5 | AI score 6 | EPSS 0.01467
Exploits: 0 | References: 3

Tenable Nessus
added 2024/07/25 12:0 a.m. | 17 views

AlmaLinux 9 : libvirt (ALSA-2024:4757)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4757 advisory. libvirt: stack use-after-free in virNetClientIOEventLoop (CVE-2024-4418). Tenable has extracted the preceding description block directly from the AlmaLinux security...

CVSS 6.2 | AI score 7 | EPSS 0.00626
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/24 12:0 a.m. | 13 views

Oracle Linux 9 : libvirt (ELSA-2024-4757)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4757 advisory. 10.0.0-6.6.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 10.0.0-6.6.el94 - vmx: Do not require DVS Port ID RHEL-45520 - vmx: Do not require all ID...

CVSS 6.2 | AI score 7 | EPSS 0.00626
Exploits: 0 | References: 2

NVD
added 2024/06/25 6:15 a.m. | 10 views

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 8.1 | EPSS 0.00508
Exploits: 2 | References: 1

Cvelist
added 2024/06/25 6:0 a.m. | 17 views

CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

EPSS 0.00508
Exploits: 2 | References: 1

Vulnrichment
added 2024/06/25 6:0 a.m. | 14 views

CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

AI score 5.8 | EPSS 0.00508
Exploits: 2 | References: 1

Patchstack
added 2024/06/25 12:0 a.m. | 6 views

WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Logo Manager For Enamad; Type: Plugin; Vulnerable versions: = 0.7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4757; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 134c5c763311; Credits: Bob Matyas...

CVSS 8.1 | AI score 8.1 | EPSS 0.00508
Exploits: 2 | References: 4 | Affected Software: 1

Tenable Nessus
added 2024/04/21 12:0 a.m. | 28 views

RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2015:1630)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1630 advisory. - mysql: unspecified vulnerability related to Server:GIS CPU July 2015 CVE-2015-2582 - mysql: unspecified vulnerability related to...

CVSS 7.2 | AI score 7.5 | EPSS 0.01467
Exploits: 0 | References: 47

Circl
added 2024/01/23 7:17 p.m. | 0 views

CVE-2023-4757

creationtimestamp | type | source
---|---|---
2024-01-23 19:17:41+00:00 | seen | https://t.me/ctinow/172239...

CVSS 5.4 | AI score 6.7 | EPSS 0.0024
Exploits: 2 | References: 1

Vulnrichment
added 2024/01/16 3:56 p.m. | 2 views

CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

AI score 5.6 | EPSS 0.0024
Exploits: 2 | References: 1

CVE
added 2024/01/16 3:56 p.m. | 54 views

CVE-2023-4757

CVE-2023-4757 affects the WordPress plugin “Staff / Employee Business Directory for Active Directory” (LDAP/AD directory plugin) prior to version 1.2.3. The root cause is improper escaping of data returned from the LDAP server, allowing LDAP-controlled entries to inject malicious JavaScript when ...

CVSS 5.4 | AI score 5.4 | EPSS 0.0024
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2024/01/16 3:56 p.m. | 12 views

CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

AI score 5.6 | EPSS 0.0024
Exploits: 2 | References: 1