205 matches found
CVE-2024-51644 WordPress Addressbook plugin <= 1.1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook (addressbook) allows Stored XSS. This issue affects Addressbook: from n/a through <= 1.1.3...
CVE-2024-51644
CVE-2024-51644 — WordPress Addressbook plugin CSRF to Stored XSS. Affects WordPress Addressbook plugin versions up to and including 1.1.3. The issue arises from a Cross-Site Request Forgery (CSRF) that enables Stored XSS in the Addressbook component. Public references in the connected docs (PT Sec...
WordPress plugin Addressbook cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
PT-2024-34788 · Unknown · Sam Wilson Addressbook
Name of the Vulnerable Software and Affected Versions: Sam Wilson Addressbook versions 1.1.3 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions 1.1.3 and earlier, update to a version that fixes this issue,...
WordPress Addressbook plugin <= 1.1.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Addressbook versions <= 1.1.3...
WordPress Addressbook Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Addressbook; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51644; Patch priority: Low; CVSS severity: Low 7.1; PSID: 5403374942a8; Credits: SOPROBRO; Required privile...
RHEL 6 : evolution-data-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...
RHEL 5 : evolution-data-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...
CVE-2024-25511
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/addresspublicnew.aspx...
CVE-2024-25510
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/addresspublicshow.aspx...
RuvarOA security vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
CVE-2024-25511
CVE-2024-25511 affects RuvarOA v6.01 and v12.01, where an SQL injection can be triggered via the id parameter in /AddressBook/address_public_new.aspx. The underlying issue is lack of validation of external SQL statements, enabling attackers to execute arbitrary SQL commands and potentially access...
CVE-2024-25510
RuvarOA v6.01 and v12.01 are affected by an SQL injection in the id parameter of /AddressBook/address_public_show.aspx. The root cause is lack of validation for external SQL statements, enabling attackers to execute arbitrary SQL and potentially steal sensitive data. Public sources (CNVD, CNNVD, ...
CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
CVE-2023-35927
The CVE-2023-35927 issue affects Nextcloud Server and Enterprise Server where two trusted servers exchange share secrets and an attacker could modify or delete VCards in the origin server’s system address book, impacting user search and avatar menus. The initial description lists affected lines f...