22 matches found
CVE-2018-25121
Nagios XI
PT-2025-44545
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
WordPress WP SMS Plugin < 5.4.13 is vulnerable to Cross Site Scripting (XSS)
Software: WP SMS; Type: Plugin; Vulnerable versions: 5.4.13; Fixed in: 5.4.13; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2021-24561; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 935be5382779; Credits: Muhammad Daffa; Required privileg...
CVE-2021-44057
An improper authentication vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station...
CVE-2021-24561
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wpgroupname" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue...
PT-2021-16080 · WordPress · Wp Sms
Name of the Vulnerable Software and Affected Versions: WP SMS WordPress plugin versions prior to 5.4.13 Description: The issue is related to an Authenticated Stored Cross-Site Scripting problem. It occurs because the wp group name parameter is not properly sanitized before being outputted back in...
WordPress plugin WP SMS Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
SOCA Access Control System 180612 SQL Injection
SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and...
SOCA Access Control System 180612 Reflected Cross-Site Scripting
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2018-09053)
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A cross-site scripting vulnerability exists in the Schedule New Report page in Nagios XI version 5.4.13,...
Nagios XI Directory Traversal Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.4.13. An attacker can exploit the vulnerability to...
NagiosXI <= 5.4.12 info.php SQL injection (CVE-2018-10736)
NagiosXI <= 5.4.12 info.php SQL injection (CVE-2018-10736). Description: A SQL injection issue was discovered in Nagios XI via the admin/info.php key1 parameter. Affected Version: Nagios XI 5.2.x; Nagios XI 5.4.x before 5.4.13. Proof of concept...
Cross site request forgery (csrf)
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...
CVE-2018-10553
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings...
CVE-2018-10554
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root...
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection...
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
Fedora 18 : php-5.4.13-1.fc18 (2013-3891)
Upstream NEWS, 14 Mar 2012, PHP 5.4.13 Core : - Fixed bug 64235 Insteadof not work for class method in 5.4.11. Laruence - Implemented FR 64175 Added HTTP codes as of RFC 6585. Jonh Wendell - Fixed bug 64142 dval to lval different behavior on ppc64. Remi - Fixed bug 64070 Inheritance with Traits...