76 matches found
CVE-2022-4785 Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Ubuntu: Security Advisory (USN-4785-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Video Sidebar Widgets Plugin <= 6.1 is vulnerable to Cross Site Scripting (XSS)
Software Video Sidebar Widgets Type Plugin Vulnerable versions = 6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4785 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 2859d13481bb Credits István Márton...
Oracle Linux 7 : rpm (ELSA-2021-4785)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4785 advisory. 4.11.3-48 - Fix double-free in previously added patch 2004228 4.11.3-47 - Improve range checks on signature and main header tags 2004228 - Fixes CVE-2021-20271...
Debian DSA-4785-1 : raptor2 - security update
It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed. C Tenable Network Security, Inc. The descriptive text and package...
CVE-2020-4785
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
CVE-2020-4785
CVE-2020-4785 affects IBM App Connect Enterprise Certified Container Dashboard (versions 1.0.0–1.0.4 with Operator). The vulnerability allows a remote attacker to hijack a victim’s click actions (clickjacking) by luring the user to a malicious site, potentially enabling further attacks. IBM’s bul...
CVE-2019-4785
...
CVE-2019-4785
CVE-2019-4785 is explicitly rejected/not used per description; this entry does not represent an active vulnerability.
CVE-2017-4785
This CVE entry is rejected and not used; the candidate number was not assigned to any issues.
CVE-2017-4785
...
CVE-2012-4785
This CVE entry is rejected/not used as explicitly stated in the Initial Description.
CVE-2016-4785
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...
CVE-2016-4785
SiemenS SIPROTEC 4/Compact EN100 Ethernet modules are affected by CVE-2016-4785. The integrated web server (port 80) could disclose a limited amount of device memory content to remote attackers with network access, and the issue only affects EN100 Ethernet modules inside SIPROTEC4 and SIPROTEC Co...
Siemens SIPROTEC Information Disclosure Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : SIPROTEC 4 and SIPROTEC Compact Vulnerabilities : Information Exposure 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-140-02...
CVE-2015-4785
Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624,...
CVE-2015-4785
Technical details about CVE-2015-4785 are not provided in the connected documents. No specific affected products, vectors, or fixes are disclosed here; monitor for updates from official advisories.
E107 alternate_profiles Plugin SQL Injection (CVE-2008-4785)
An SQL injection vulnerability has been reported in E107 Alternate Profiles Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2014-4785
IBM Initiate Master Data Service (versions 9.5, 9.7, 10.0, 10.1) contains a CSRF vulnerability (CVE-2014-4785) that could allow remote authenticated users to hijack another user’s session by submitting requests that insert XSS sequences. The issue is documented in IBM’s security bulletin covering...
Dell iDRAC6 Multiple Vulnerabilities
The remote Dell Integrated Remote Access Controller 6 iDRAC6 is affected by the following vulnerabilities : - A flaw exists in the testurls.html page that allows a remote attacker to authenticate as root. A remote attacker can exploit this to enable root user access over SSH, telnet, and other...