75 matches found
CVE-2026-5041
creationtimestamp| type| source ---|---|--- 2026-03-29 10:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116311996902257625 2026-03-29 10:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mi6wwkabje2s...
CVE-2023-5041
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
Linux Distros Unpatched Vulnerability : CVE-2016-5041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via a debugging information entry using...
CVE-2024-5041 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
RHEL 7 : libdwarf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libdwarf: heap-based buffer over-read in dwarfformsdata CVE-2017-9055 - The dwarfreadciefdeprefix functio...
CVE-2023-5041
The CVE-2023-5041 entry concerns the Track The Click WordPress plugin (versions before 0.3.12). Root cause: improper sanitization of query parameters to the stats REST endpoint, enabling a time-based blind SQL injection in database queries when accessed by an authenticated user with author role o...
CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
Ubuntu 16.04 ESM : libapreq2 vulnerability (USN-5041-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5041-1 advisory. It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain crafted HTTP requests. An attacker could possibly use the vulnerabili...
WordPress Track The Click Plugin < 0.3.12 is vulnerable to SQL Injection
Software Track The Click Type Plugin Vulnerable versions 0.3.12 Fixed in 0.3.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5041 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1853e39ba601 Credits Karolis Narvilas Required privilege Author Publish...
SUSE CVE-2015-5041
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...
SUSE CVE-2017-5041
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page...
SUSE: Security Advisory (SUSE-SU-2016:0428-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0770-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0776-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0636-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0431-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0433-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0390-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-5041
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...