18 matches found
CVE-2023-1974
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2023-1975
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2021-24910
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...
ResourcePack Server Security Vulnerability
ResourcePack Server is a small server for hosting server resource packs, written by Brian Duan, an individual developer in China. A security vulnerability exists in iceice666 ResourcePack Server versions prior to v1.0.8, which stems from a vulnerability that allows remote attackers to disclose files on the...
openBI Access Control Error Vulnerability
openBI is a big data visualization solution from openBI, Inc. An access control error vulnerability exists in openBI prior to version 1.0.8, which stems from a problem with the dlfile function in the /application/index/controller/Screen.php file that could lead to incorrect access control...
openBI Code Issue Vulnerability
openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem with the uploadUnity function of the /application/index/controller/Unity.php file, which could lead to unrestricted file uploads...
Dromara Sureness Trust Management Issues Vulnerability
Sureness is a simple and efficient open-source security framework from Dromara, focused on API protection. A security vulnerability exists in Dromara Sureness versions prior to v1.0.8 that stems from the use of hard-coded keys when creating and validating JSON Web Tokens...
WordPress plugin Woo Products Widgets For Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
SUSE CVE-2013-1808
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...
SUSE CVE-2015-8770
Directory traversal vulnerability in the setskin function in program/include/rcmailoutputhtml.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the skin...
PT-2022-9504 · WordPress +1 · Transposh Wordpress Translation Plugin +1
Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the a parameter is not properly sanitised and escaped via an AJAX action. This...
GHSA-5V8V-66V8-MWM7 Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
CVE-2020-22886
Buffer overflow vulnerability in function jsGmarkobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service...
UBUNTU-CVE-2020-22885
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service...
Microsoft Actions Http-Client Information Disclosure Vulnerability
Microsoft Actions Http-Client is a lightweight HTTP client from Microsoft, a United States company. An information disclosure vulnerability exists in Microsoft Actions Http-Client NPM @actions/http-client versions prior to 1.0.8. The vulnerability stems from a configuration or other error in the...
WordPress sell-downloads plugin information disclosure vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sell-downloads is a paid downloadable site builder plugin used in it. A security vulnerability exists in WordPress sell-downloads plug...
CVE-2017-18579
The corner-ad plugin before 1.0.8 for WordPress has XSS...
PT-2013-3402 · Django Software Foundation +1 · Django +1
Name of the Vulnerable Software and Affected Versions: ZeroClipboard versions prior to 1.0.8 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the id parameter. This affects various products that use ZeroClipboard, including em-shorty...