WordPress Plugin Tera Charts - Local File Inclusion
Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...
CVE-2023-4940
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsswap function. This makes it possible for unauthenticated attackers to manipulate products via a forged...
CVE-2006-4940
login/forgotpassword.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action...
CVE-2025-4940
CVE-2025-4940 affects 1000 Projects Daily College Class Work Report Book 1.0. A SQL injection vulnerability exists in the handling of the batch argument in /admin_info.php, which can be triggered remotely. Multiple Connected documents confirm the issue, noting that the vulnerability stems fro...
CVE-2025-4940 1000 Projects Daily College Class Work Report Book admin_info.php sql injection
A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to SQL injection. The attack may be initiated remotely...
bento2seldon (>=0.1.0 <=0.4.0), bento2seldon4recsys (>=0.1.0 <=0.1.3) +15 more potentially affected by CVE-2024-4940 via bentoml (>=0.10.1 <=1.2.20)
bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 - tfhubartifact =0.0.4 and more Source cves: CVE-2024-4940 Source advisory: OSV:GHSA-564P-RX2Q-4C8V...
Linux Distros Unpatched Vulnerability : CVE-2011-4940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not plac...
VulnCheck KEV: CVE-2012-4940
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...
Axigen Arbitrary File Read And Delete
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axigen Arbitrary File Read and Delete', 'Description' => %q{ This module exploits a directory traversal vulnerability in the WebAdmin interface of...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +153 more potentially affected by CVE-2024-4940 via gradio (>=1.7.7 <=4.33.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more Source cves: CVE-2024-4940 Source advisory: OSV:GHSA-G6C9-F4XM-9J4X...
Rocky Linux 9 : xz (RLSA-2022:4940)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4940 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted fi...
WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Broken Access Control
Software: WCFM Membership | Type: Plugin | Vulnerable versions: <= 2.10.0 | Fixed in: 2.10.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-4940 | Patch priority: High | CVSS severity: High (7.3) | Developer: Claim ownership | PSID: b80cebcdc2c4 | Credits: Chloe Chamberland | Required...
CVE-2022-4940 WCFM Membership <= 2.10.0 - Missing Authorization
The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...
CVE-2022-4940
CVE-2022-4940 affects the WordPress plugin WCFM Membership (WordPress/WCFM Membership plugin) up to version 2.10.0. The root cause is missing capability checks on several AJAX actions (wcfm-memberships, wcfm-memberships-manage, wcfm-memberships-settings), leading to broken access control and allo...
SUSE CVE-2012-2639
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
Oracle Linux 9 : xz (ELSA-2022-4940)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4940 advisory. 5.2.5-8 - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Oracle Linux...
RHEL 9 : xz (RHSA-2022:4940)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4940 advisory. XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs...
Ubuntu: Security Advisory (USN-4940-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Security Bulletin: Infosphere BigInsights is affected by a vulnerability that could allow a local attacker to obtain the value-add services passwords stored in the Ambari configuration file (CVE-2015-4928, CVE-2015-4940).
Summary: Infosphere BigInsights is affected by a vulnerability that could allow a local attacker to obtain value-add services passwords stored in the Ambari configuration file. The passwords are shown in plain text (CVE-2015-4928, CVE-2015-4940). Vulnerability Details: CVEID: CVE-2015-4928 DESCRIPTIO...