
18 matches found

RedhatCVE
added 2025/05/23 2:53 a.m. | 2 views

CVE-2023-0082

The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00181
Exploits: 2 | References: 1

Snyk
added 2025/02/14 6:3 p.m. | 1 view

Improper Validation of Specified Type of Input

Overview: keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the registrar process. An attacker can cause the application to fail by populating the...

CVSS 5.1 | AI score 6.9 | EPSS 0.00046
Exploits: 0 | References: 2

Patchstack
added 2024/08/07 2:36 a.m. | 3 views

WordPress Modern Events Calendar plugin <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery vulnerability

Authenticated (Subscriber+) Server Side Request Forgery vulnerability discovered by Foxyyy in WordPress Plugin Modern Events Calendar (versions <= 7.12.1)...

CVSS 9.6 | AI score 7 | EPSS 0.0074
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/07 12:0 a.m. | 9 views

WordPress Modern Events Calendar Plugin <= 7.12.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: Modern Events Calendar; Type: Plugin; Vulnerable versions: <= 7.12.1; Fixed in: 7.13.0; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-6522; Patch priority: Low; CVSS severity: Low (6.4); Developer: Claim ownership; PSID: 2c1730c6aa47; Credits: Foxyyy; Required...

CVSS 9.6 | AI score 8.6 | EPSS 0.0074
Exploits: 0 | References: 2 | Affected Software: 1

SUSE CVE
added 2023/02/15 6:18 a.m. | 3 views

SUSE CVE-2005-0490

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm functio...

CVSS 8.8 | AI score 8.4 | EPSS 0.02576
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/11 12:0 a.m. | 15 views

Kibana 7.11.0 < 7.12.1 Denial Of Service

According to its self-reported version number, the Kibana application running on the remote host is 7.11.0 prior to 7.12.1. It is, therefore, affected by an XML External Entity in the App Search web crawler beta feature (CVE-2021-22140). Note that the scanner has not tested for these issues but...

CVSS 7.5 | AI score 7.7 | EPSS 0.00376
Exploits: 0 | References: 3

NVD
added 2022/03/10 5:47 p.m. | 9 views

CVE-2022-25294

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...

CVSS 7.8 | EPSS 0.00044
Exploits: 0 | References: 1

OSV
added 2022/03/10 5:47 p.m. | 1 view

CVE-2022-25294

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...

CVSS 7.8 | AI score 7.3
Exploits: 0 | References: 1

OpenVAS
added 2021/05/14 12:0 a.m. | 15 views

Elastic Kibana DoS Vulnerability (ESA-2021-10)

Kibana is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:elastic:kibana";...

CVSS 6.5 | AI score 6.5 | EPSS 0.00281
Exploits: 0 | References: 1

NVD
added 2021/05/13 6:15 p.m. | 13 views

CVE-2021-22139

Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all...

CVSS 6.5 | EPSS 0.00281
Exploits: 0 | References: 1

Prion
added 2021/05/13 6:15 p.m. | 16 views

Denial of service

Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all...

CVSS 4 | AI score 6.3 | EPSS 0.00281
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/04/28 12:0 a.m. | 1 view

Elastic App Search web crawler code issue vulnerability

Elastic App Search web crawler is an application from Elastic (USA) that provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...

CVSS 7.5 | AI score 7.4 | EPSS 0.00376
Exploits: 0 | References: 2

Elastic
added 2021/04/27 7:28 p.m. | 3 views

7.12.1 Security Update

Kibana denial of service issue (ESA-2021-10): A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailab...

CVSS 7.5 | AI score 6.9 | EPSS 0.00376
Exploits: 0

NVD
added 2020/02/04 7:15 p.m. | 9 views

CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

CVSS 9.6 | AI score 9.6 | EPSS 0.00431
Exploits: 1 | References: 1

UbuntuCve
added 2020/02/04 7:15 p.m. | 13 views

CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

CVSS 9.6 | AI score 7.5 | EPSS 0.00431
Exploits: 1 | References: 2

Oracle linux
added 2010/03/30 12:0 a.m. | 28 views

curl security update

7.12.1-11.1.el48.3 - http://curl.haxx.se/docs/adv20100209.html 565406...

CVSS 6.8 | AI score 0.2 | EPSS 0.0548
Exploits: 0

NVD
added 2005/05/02 4:0 a.m. | 13 views

CVE-2005-0490

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm functio...

CVSS 8.8 | AI score 9.2 | EPSS 0.02576
Exploits: 0 | References: 12

Debian CVE
added 2005/02/21 5:0 a.m. | 28 views

CVE-2005-0490

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm functio...

CVSS 8.8 | AI score 7.7 | EPSS 0.02576
Exploits: 0