10 matches found
CVE-2017-18536
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS...
PT-2025-14185 · Unknown · Neteuro Turisbook Booking System
Name of the Vulnerable Software and Affected Versions: Neteuro Turisbook Booking System versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress TheFude theme < 1.3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme TheFude - Crowdfunding & Charity WordPress Theme versions 1.3.8...
PT-2022-23613 · WordPress · Advanced Import
Name of the Vulnerable Software and Affected Versions: Advanced Import WordPress plugin versions prior to 1.3.8 Description: The issue concerns a lack of CSRF check in the Advanced Import WordPress plugin, allowing attackers to make a logged-in admin install arbitrary plugins from WordPress.org a...
CVE-2022-1532
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
GHSA-W94P-6MHW-4QXW Improper Access Control in Elasticsearch
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...
CVE-2017-7175
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field)...
AlienVault USM/OSSIM/NfSen Remote Code Execution Vulnerability
AlienVault USM and OSSIM are both products of AlienVault, Inc. in the U.S. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system, among other features. OSSIM is an open-source security information management...
AZL-44325 CVE-2016-10087 affecting package fltk for versions less than 1.3.8-1
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and...
Authentication flaw
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors...