CVE-2021-24460
The getfblikeboxes function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24458
The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
SQL injection
The getfblikeboxes function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Popup Like box - Page Plugin prior to version 3.5....
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Popup box prior to version 2.3.4, which...
CVE-2020-20699
A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
Cross-site scripting
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page...
S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58258)
S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary Web scripts or HTML. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the "Copyright" text box under "Bas...
White Box Testing: What It Is, Types, Techniques, Example
White Box Testing is programming trying, or rather inner center and foundation. Learn about this strategy in this article. What is White Box Testing? White Box Testing can be described as a program-testing methodology in which a product’s interior construction, plan and coding are trie...
Remote Code Execution (RCE)
Chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in the dialog box handling on Windows component of the Chromium...
CVE-2020-14032
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
Privilege escalation
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
CVE-2020-14032
CVE-2020-14032 affects ASRock 4x4 BOX-R1000 BIOS prior to P1.40. The root cause is a lack of validation for ArgsStruct data in the SMM SmiGetVariable handling (SMI 0xEF), allowing an attacker to write to SMRAM and achieve code execution in SMM, leading to privilege escalation. CVSS metrics in NVD...
ASRock 4x4 BOX-R1000 Security Vulnerability
ASRock Industrial 4x4 BOX-R1000 is a fan-shaped embedded box computer from ASRock Industrial. A security vulnerability exists in ASRock 4x4 BOX-R1000 BIOS versions prior to P1.40, which allows attackers to elevate privileges via code execution in SMM...
CVE-2021-1518 Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...
Chromium: CVE-2021-30586 Use after free in dialog box handling on Windows
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2020-19488
An issue was discovered in boxcodeapple.c:119 in Gpac MP4Box 0.8.0 that allows attackers to cause a Denial of Service due to an invalid read in function ilstitemRead...
UBUNTU-CVE-2020-19488
An issue was discovered in boxcodeapple.c:119 in Gpac MP4Box 0.8.0 that allows attackers to cause a Denial of Service due to an invalid read in function ilstitemRead...