7705 matches found
Sql injection
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blogeventsedit.php...
Exploit for CVE-2022-30190
CVE-2022-30190 This repository talks about the Follina MSDT fr...
Wedding Management System SQL Injection Vulnerability
Wedding Management System is a wedding planning management system by John Paul Lim Gabule. Version 1.0 of Wedding Management System is vulnerable to SQL injection, which originates from the /Wedding-Management/admin/blogeventsedit.php?id=31 page lacking validation of external input used in SQL statements, which can ...
Responsive Online Blog SQL Injection Vulnerability
Responsive Online Blog is a responsive online blog site. Responsive Online Blog v1.0 is vulnerable to SQL injection, which stems from a lack of validation of external input used in SQL statements via the id parameter of single.php. An attacker could use this vulnerability to execute illegal SQL commands t...
Remote code execution
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
CVE-2022-29659
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...
CVE-2022-29659
CVE-2022-29659 concerns a SQL injection in Responsive Online Blog v1.0 exploitable via the id parameter in single.php . The issue arises from unsanitized input being incorporated into SQL queries, enabling an attacker to manipulate the database and potentially access or alter data. The vulnerabil...
CVE-2022-30823
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blogeventsedit.php...
CVE-2022-30823
CVE-2022-30823 affects Wedding Management System v1.0 and is caused by SQL Injection via the admin\blog_events_edit.php entry point. The vulnerability is documented across multiple feeds (NVD, CNVD, RH, etc.) with CVSS v3.1 base score 7.2 (HIGH) and CVSS v2.0 base score 6.5 (MEDIUM); impact inclu...
Malicious code in mb-blog (npm)
Source: ghsa-malware 658aa7eb483cfd352b2c2c628d938ac8566bbf7cbb32d0e806867d1abcc8ae24. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, nor does it validate that the option to be updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...
WordPress plugin Content Mask Security Vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; WordPress plugins are application plug-ins for it. A security vulnerability exists in versions of the WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...
CVE-2022-1203 Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, nor does it validate that the option to be updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...
Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week. The one big... This is only the beginning!...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Root shell PoC for CVE-2021-3156 no brutef...
Cyber Risk Management Strategies from Arjo CIO
Andrea Berg, CIO of Arjo, explores the critical need for effective and inclusive communication around IT requirements to expand beyond the security team and improve cyber risk management...
GHSA-FPV7-HX6R-9VCX Mezzanine Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/. This issue is different than CVE-2018-16632...
hexo-wustxiao-blog (=1.1.1) potentially affected by CVE-2019-17606 via hexo-admin (=2.3.0)
hexo-admin NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on hexo-admin and may be impacted: hexo-wustxiao-blog =1.1.1. Source CVEs: CVE-2019-17606. Source advisory: OSV:GHSA-G784-Q3P3-26RM...
CVE-2022-25237: Bonitasoft Authorization Bypass and RCE
The post CVE-2022-25237: Bonitasoft Authorization Bypass and RCE appeared first on Rhino Security Labs...