16 matches found
EUVD-2023-2458
Malicious code in bioql PyPI...
CVE-2024-21689
This High severity RCE (Remote Code Execution) vulnerability, CVE-2024-21689, was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...
WordPress Salon booking system plugin <= 9.6.5 - Editor+ Stored XSS via Email Settings vulnerability
Editor+ Stored XSS via Email Settings vulnerability discovered by Bob Matyas in WordPress Plugin Salon booking system (versions <= 9.6.5)...
CVE-2024-2439 Salon booking system <= 9.6.5 - Editor+ Stored XSS
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress plugin Salon booking system security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress plugin Salon booking system security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 9.6.5; Fixed in: 9.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2603; Patch priority: Low; CVSS severity: Low (6.5); PSID: d3efd4f7767a; Credits: Bob Matyas; Required...
Croc secrets may be disclosed to untrusted relay
An issue was discovered in Croc before 9.6.16. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...
CVE-2023-43617
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...
Croc Security Breach
croc is a tool by the individual developer Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc 9.6.5 and earlier versions that stems from allowing an attacker to send dangerous files to the recipient...
CVE-2023-43620
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...
CVE-2023-43621
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...
UltraIso v 9.6.5 - Buffer Overflow Vulnerability
Exploit for Windows platform in category dos / poc. #!/usr/bin/perl; Title: UltraIso v 9.6.5 - Buffer Overflow Vulnerability; Author: ZwX; Date: 24/10/2015; Vendor: https://www.ezbsystems.com/; Download: http://www.ezbsystems.com/ultraiso/download.htm; Tested OS: Windows 7; steps to reproduce the...
Null pointer dereference
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...