CVE-2021-24717
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks, which allows users with the Subscriber role to enumerate automations, disclose the titles of private posts or user emails, call functions, or perform privilege escalation via Ajax actions...
CVE-2021-24717 AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation
Finding Results at the Intersection of Security and Engineering
As vice president and head of global security at ActiveCampaign, I’m fortunate to be able to draw on a multitude of experiences and successes in my career. I started in general network security, where I was involved in pen testing and security research. I worked at several multibillion-dollar Saa...
XXE
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...
Allround Automations PL/SQL Developer Installed
Binary data allautoplsqldeveloper.nbin...
Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE
The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...
Allround Automations PL/SQL Developer Arbitrary Code Execution Vulnerability
Allround Automations PL/SQL Developer is an integrated development environment for developing stored procedures for Oracle Databases. An arbitrary code execution vulnerability exists in Allround Automations PL/SQL Developer, which can be exploited by an attacker to execute arbitrary code...
CVE-2016-2346
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...
Design/Logic Flaw
CVE-2016-2346
CVE-2016-2346 affects Allround Automations PL/SQL Developer prior to 11.0.6.1776. The vulnerability arises from failing to verify HTTP update data, allowing a man-in-the-middle to modify the client-server data stream and execute arbitrary code with the user's privileges. Affected version: PL/SQL Develope...