CVE-2022-4754

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

Cross site scripting

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

CVE-2022-4754 Easy Social Box <= 4.1.2 - Contributor+ Stored XSS via Shortcode

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

CVE-2022-4754 Easy Social Box <= 4.1.2 - Contributor+ Stored XSS via Shortcode

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

CVE-2022-4754

CVE-2022-4754 affects the WordPress plugin Easy Social Box / Page Plugin (

WordPress Plugin Easy Social Box 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

The vulnerability of the Azure Data Box Gateway allows a hacker to execute arbitrary code.

The vulnerability of the Azure Data Box Gateway is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

QVidium Technologies Amino A140 命令注入漏洞

The QVidium Technologies Amino A140 is a HD IPTV/OTT set-top box from QVidium Technologies. A security vulnerability exists in the QVidium Technologies Amino A140 versions prior to firmware version 1.0.0-283 that originates from a command injection in the web management interface of older QVidium...

Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them. Other topics of interest will also be addresse...

SUSE CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

SUSE CVE-2006-2782

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

SUSE CVE-2009-0652

The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...

SUSE CVE-2011-0020

Heap-based buffer overflow in the pangoft2fontrenderboxglyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service application crash or possibly execute arbitrary code...

SUSE CVE-2013-0800

Integer signedness error in the pixmanfillsse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows...

SUSE CVE-2014-9626

Integer underflow in the MP4ReadBoxString function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7...

SUSE CVE-2014-9627

The MP4ReadBoxString function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large bo...

SUSE CVE-2015-8400

The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...

SUSE CVE-2016-3062

The movreaddref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via the entries value in a dref box in an MP4 file...

SUSE CVE-2016-10250

The jp2colrdestroy function in jp2cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service NULL pointer dereference by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887...

SUSE CVE-2017-9616

In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion uncontrolled recursion in the dissectmp4box function in epan/dissectors/file-mp4.c...