1306 matches found
WordPress NotificationX plugin <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Khanh Hao in WordPress Plugin NotificationX versions = 2.9.3...
PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3 Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...
CVE-2024-53285
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in DDNS Record functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitiv...
WordPress Library Management System plugin <= 3.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Eduardo Bido in WordPress Plugin Library Management System versions = 3.1...
SQL Injection
decidimawesome-module is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in SQL commands within the papertrail/version model, allowing an authenticated admin user to manipulate SQL queries to disclose information, read/write files, or execute...
WordPress SG Helper plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SG Helper versions = 1.0...
PT-2024-38846
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...
CVE-2024-5920
A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions ...
CVE-2024-38656
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-38655
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34784
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34781
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-37376
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34780
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32844
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32847
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32841
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-50328
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-50327
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-50326
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution...