52 matches found
CVE-2014-5453
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions Everyone: Full Control for the program installation directory %PROGRAMFILES%\Ubisoft Game Launcher, which allows local users to gain privileges via a Trojan horse file...
CVE-2024-5453
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-5453
CVE-2024-5453 affects the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. It enables unauthorized data modification via a missing capability check in pm_dismissible_notice and pm_wizard_update_group_icon across all versions up to 5.8.6. Authentication required: attackers wit...
WordPress ProfileGrid Plugin <= 5.8.6 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.8.6 Fixed in 5.8.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5453 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cc4be9b4d163 Credits Lucio Sá Required privilege...
Oracle Linux 9 : glibc (ELSA-2023-5453)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5453 advisory. - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode 2234716. Tenable has extracted the preceding description block directly from the...
AlmaLinux 9 : glibc (ALSA-2023:5453)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5453 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via...
Mozilla Firefox Security Advisory (MFSA2017-10) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2020-5453
...
CVE-2020-5453
CVE-2020-5453 entry is rejected/not used and does not represent an active vulnerability.
RHEL 7 : pacemaker (RHSA-2020:5453)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5453 advisory. The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in th...
CVE-2019-5453
Summary: CVE-2019-5453 affects the Nextcloud Android app prior to 3.3.0. The issue is a bypass of the app’s lock protection, allowing access to files when prompted for lock and switching to the Nextcloud file provider. Multiple connected sources corroborate the vulnerability, including CNVD/NVD e...
AirTies Air 5453 Cross-Site Scripting Vulnerability
AirTies Air 5453 is a wireless router product from Airties Turkey. A cross-site scripting vulnerability exists in the AirTies Air 5453. A remote attacker can exploit this vulnerability by sending the 'productboardtype' parameter to the top.html page to inject arbitrary web script or HTML...
CVE-2018-17593
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
CVE-2018-17593
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
Design/Logic Flaw
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
CVE-2018-17593
CVE-2018-17593 affects AirTies Air 5453 devices running software 1.0.0.18. A cross-site scripting vulnerability exists in the top.html page via the productboardtype parameter, enabling injection of arbitrary script/HTML. Public reports (CNVD, Exploit-DB, 0day, PacketStorm) corroborate the XSS iss...
CVE-2018-17593
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
CVE-2017-5453
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...