17 matches found
EUVD-2024-2315
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-31042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https...
CVE-2024-39309
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
Elliptic security vulnerability
Elliptic is a fast elliptic curve cryptography library for JavaScript maintained by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic version 6.5.7 that stems from its ECDSA implementation failing to verify some valid signatures...
WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload
Software: Bit File Manager. Type: Plugin. Vulnerable versions: <= 6.5.7. Fixed in: 6.5.8. OWASP Top 10: A3: Injection. Classification: Arbitrary File Upload. CVE: CVE-2024-8743. Patch priority: High. CVSS severity: High (6.8). PSID: c3b2ce42763f. Credits: TANG Cheuk Hei (siunam). Required privileg...
PT-2024-39220 · Unknown · Bit File Manager
Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted...
Parse Server Security Vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 6.5.7 and 7.1.0 that stems from vulnerability to SQL injection attacks when configured to use a...
Znuny and Znuny LTS security vulnerability
Znuny is a ticketing system from Znuny, Inc. A security vulnerability exists in Znuny and Znuny LTS that stems from a path traversal flaw. An attacker could exploit the vulnerability to upload a file to an arbitrary writable location. Affected products and versions: Znun...
PT-2024-24615 · Znuny +1 · Znuny +2
Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...
PT-2024-24613 · Znuny +1 · Znuny +1
Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...
WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions <= 6.5.7. Solution: update the WordPress WP Ultimate CSV Importer plugin to the latest available version, at least 6.5.8...
UBUNTU-CVE-2022-31043
Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...
PT-2022-3247 · Guzzle +1 · Guzzle +1
Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.7 Guzzle versions prior to 7.4.4 Description: The Cookie headers on requests are sensitive information. When making a request using the https scheme to a server that responds with a redirect to a URI with the http...
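The three Guzzle entries above (CVE-2022-31042 for Cookie, CVE-2022-31043 for Authorization) describe the same client-side rule: when a request made over https is redirected to an http URI, the client must not carry the credential-bearing headers across to the downgraded transport. The following is an added illustrative example, not Guzzle's own code: a minimal redirect-following loop with a constructed fake transport, which re-derives the outgoing headers at every hop. It strips Authorization and Cookie on an https-to-http downgrade as the advisories describe, and, as an extra assumption the entries above do not state, also when the redirect target is a different host. The URLs and header values are constructed sample data.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must not leak to a downgraded transport.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie"})
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def headers_for_redirect(request_url, target_url, headers):
    """Return the headers to send to a redirect target.

    Policy (an illustrative reading of the advisories, not Guzzle's code):
    drop Authorization and Cookie when the redirect downgrades https -> http,
    and also (assumption) when the target host differs from the original host.
    """
    src, dst = urlsplit(request_url), urlsplit(target_url)
    downgrade = src.scheme == "https" and dst.scheme == "http"
    cross_host = (src.hostname or "").lower() != (dst.hostname or "").lower()
    if not (downgrade or cross_host):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


class FakeTransport:
    """Constructed stand-in for the network layer: URL -> (status, Location)."""

    def __init__(self, routes):
        self.routes = routes
        self.sent = []  # (url, headers) for every request actually issued

    def send(self, url, headers):
        self.sent.append((url, dict(headers)))
        status, location = self.routes.get(url, (200, None))
        return status, location


def fetch(url, headers, transport, max_hops=5):
    """Follow redirects, recomputing the forwarded headers at each hop."""
    current, current_headers = url, dict(headers)
    for _ in range(max_hops + 1):
        status, location = transport.send(current, current_headers)
        if status not in REDIRECT_STATUSES or location is None:
            return status, current, current_headers
        target = urljoin(current, location)  # Location may be relative
        current_headers = headers_for_redirect(current, target, current_headers)
        current = target
    raise RuntimeError("too many redirects")


def demo():
    """Constructed scenario: one https->http downgrade, one same-host https hop."""
    creds = {"Authorization": "Bearer secret", "Cookie": "session=abc", "Accept": "*/*"}
    transport = FakeTransport({
        "https://api.example.com/v1/me": (302, "http://api.example.com/v1/me"),
        "https://api.example.com/v1/old": (301, "/v1/new"),
    })
    fetch("https://api.example.com/v1/me", creds, transport)
    fetch("https://api.example.com/v1/old", creds, transport)
    return transport.sent


if __name__ == "__main__":
    for url, hdrs in demo():
        print(url, sorted(hdrs))
```

In the downgrade case the second request goes out over http with only Accept; in the same-host https case the credentials are kept. A real client would additionally have to handle method changes on 303 and method preservation on 307/308, which this example leaves out.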
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 contains a cross-site scripting (XSS) vulnerability in the Workflow Delegation > Requester Roles UI, which allows injection of script that runs in an affected user's browser. Documents consistently identi...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen...
ManageEngine ADManager Plus 6.5.7 - HTML Injection
Exploit Title: ManageEngine ADManager Plus 6.5.7 - HTML Injection
Date: 2018-08-21
Exploit Author: Ismail Tasdelen
Vendor Homepage: https://www.manageengine.com/
Hardware Link: https://www.manageengine.com/products/ad-manager/
Software: ZOHO Corp ManageEngine ADManager Plus
Product Version: 6.5...