WordPress Auto Affiliate Links plugin <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by DJumanto in WordPress Plugin Auto Affiliate Links versions = 6.8.8...

[SECURITY] Fedora 38 Update: kernel-6.8.8-100.fc38

The kernel meta package...

CVE-2023-23900 WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

WordPress plugin Easy Forms for Mailchimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2021-26683

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...

Cross site scripting

A remote unauthenticated stored cross-site scripting XSS vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a...

Aruba ClearPass Policy Manager 安全漏洞

Aruba ClearPass Policy Manager is a network access control NAC solution. An elevation of privilege vulnerability exists in ClearPass OnGuard prior to Aruba ClearPass Policy Manager versions 6.9.5, 6.8.8-HF1, and 6.7.14-HF1, which can be exploited by a locally authenticated user on Windows platfor...

Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-07)

Elasticsearch is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Privilege escalation

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

UBUNTU-CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

Vaadin Framework 6.0.0 - 6.8.7 HTML Injection Vulnerability

Vaadin Framework is prone to a SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:vaadin:vaadin"; ifdescription...

ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)

I saw the notice for this CVE today but there was no known published expoits so I figured I'd put together this quick POC. Note, all app modules for the tested version were compiled with safeSEH so my use of an OS module may require adjustment of the offsets. There also appears to be several bad...