43 matches found
MINI-2GF2-MPRH-6244
Bulletin has no description...
MiracleLinux 9 : firefox-102.13.0-2.el9.ML.1 (AXSA:2023-6244:26)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6244:26 advisory. Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201); Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey...
CVE-2025-6244
The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendar And Business Reviews Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and outpu...
WordPress Essential Addons for Elementor plugin <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Calendar And Business Reviews Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions <= 6.1.19...
CVE-2023-6244
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possibl...
Linux Distros Unpatched Vulnerability : CVE-2015-6244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length...
CVE-2020-6244
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
CVE-2024-6244 pz-frontend-manager < 1.0.6 - CSRF change user profile picture
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: pz-frontend-manager; Type: Plugin; Vulnerable versions: < 1.0.6; Fixed in: 1.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6244; Patch priority: Low; CVSS severity: Low (4.3); PSID: 00622e75c008; Credits: Vuln Seeker...
CVE-2023-6244
CVE-2023-6244 describes a Cross-Site Request Forgery in the EventON WordPress plugin (EventON Pro and EventON Lite). The flaw arises from missing or incorrect nonce validation in the save_virtual_event_settings function, allowing unauthenticated attackers to modify virtual event settings via forg...
WordPress EventON Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EventON; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6244; Patch priority: Low; CVSS severity: Low (4.3); PSID: 8c97e0a9cf60; Credits: Francesco Carlucci; Required...
WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EventON Pro; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6244; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5cacf0b27060; Credits: Francesco Carlucci...
Ubuntu: Security Advisory (USN-6244-1)
The remote host is missing an update for the...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : AMD Microcode vulnerability (USN-6244-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6244-1 advisory. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector...
CVE-2020-6244
SAP Business Client 7.0 is affected by CVE-2020-6244. The issue arises from an uncontrolled search path element that allows a social-engineering attacker to place a DLL in untrusted directories, which can then be executed by the application and enable the attacker to control its behavior. Exploit...
CVE-2019-6244
Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...