MiracleLinux 7 : libreoffice-4.3.7.2-5.el7.1 (AXSA:2015-935:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-935:01 advisory. LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor,...

CVE-2025-5212

A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file /admin/editempexp.php. The manipulation of the argument emp1name leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2017-5212

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control...

CVE-2024-5212

creationtimestamp| type| source ---|---|--- 2024-08-31 07:32:10+00:00| seen| https://t.me/cvedetector/4563...

CVE-2024-5212

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVE-2019-5212

creationtimestamp| type| source ---|---|--- 2024-03-05 15:51:58+00:00| seen| https://t.me/ctinow/200371...

WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion

Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...

WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities

Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...

AI ChatBot < 4.9.3 - Subscriber+ Arbitrary File Deletion

Description The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version...

CVE-2023-5212

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...

CVE-2023-5212

CVE-2023-5212 refers to the AI ChatBot for WordPress, where an authenticated subscriber+ can misuse the qcld_openai_delete_training_file path to perform an arbitrary file deletion on the server. Affected versions are

Mageia: Security Advisory (MGASA-2021-0077)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5212-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-2 advisory. USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

Ubuntu: Security Advisory (USN-5212-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5212-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to...

SUSE: Security Advisory (SUSE-SU-2015:1915-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nethack packages fix security vulnerabilities

Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own...

CVE-2013-5212

Cross-site Scripting XSS in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file...