Lucene search
K

384 matches found

NVD
NVD
added 2021/11/23 8:15 p.m.24 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

7.2CVSS0.01238EPSS
Exploits2References1
Prion
Prion
added 2021/11/23 8:15 p.m.15 views

Sql injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

6CVSS7.1AI score0.01238EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/23 7:16 p.m.33 views

CVE-2021-24877 MainWP Child < 4.1.8 - Admin+ SQL Injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

7.4AI score0.01238EPSS
Exploits2References1
CVE
CVE
added 2021/11/23 7:16 p.m.52 views

CVE-2021-24877

CVE-2021-24877 affects the WordPress MainWP Child plugin prior to version 4.1.8. The issue is an SQL injection caused by lack of validation of the orderby and order parameters before their use in a SQL statement, exploitable by high-privilege users (e.g., admin) when the Backup and Staging by WP ...

7.2CVSS7.2AI score0.01238EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.19 views

MainWP Child < 4.1.8 - Admin+ SQL Injection

The plugin does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed PoC POST / HTTP/1.1 Accept:...

7.2CVSS1.3AI score0.01238EPSS
Exploits2Affected Software1
ThreatPost
ThreatPost
added 2021/08/04 9:14 p.m.44 views

Black Hat: Bugs Allow Takeover of Capsule Hotel Rooms

LAS VEGAS – A series of vulnerabilities in internet of things IoT devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms’ amenities – and punish a loud neighbor. An inadvertent bug hunt began when Kya Supa, security consultant at LEXFO, was traveling...

7.6AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/30 1:13 p.m.81 views

Important: Red Hat Security Advisory: Satellite 6.7.4 Async Bug Fix Update

Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...

8.8CVSS7.3AI score0.00315EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2020/09/30 12:0 a.m.95 views

RHEL 7 : Satellite 6.7.4 Async Bug Fix Update (Important) (RHSA-2020:4127)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4127 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

8.8CVSS7.8AI score0.00315EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2020/07/30 8:22 p.m.7 views

Important: Red Hat Bug Fix Advisory: Satellite 6.7.2 Async Bug Fix Update

Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...

9.8CVSS6.8AI score0.26587EPSS
Exploits5References25
OSV
OSV
added 2020/02/06 5:15 p.m.4 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.8CVSS7.3AI score0.46454EPSS
Exploits2References2
NVD
NVD
added 2020/02/06 5:15 p.m.23 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.8CVSS9.7AI score0.46454EPSS
Exploits2References2
Prion
Prion
added 2020/02/06 5:15 p.m.15 views

Design/Logic Flaw

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

7.5CVSS9.5AI score0.46454EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/02/06 4:27 p.m.118 views

CVE-2020-8771

The WordPress Time Capsule plugin (before 1.21.16) is affected by an authentication bypass. The issue occurs when a request contains IWP_JSON_PREFIX, causing the user to be logged in as the first administrator. Technical root cause is in wptc-cron-functions.php where parse_request calls decode_se...

9.8CVSS9.5AI score0.46454EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/02/06 4:27 p.m.31 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.7AI score0.46454EPSS
Exploits2References2
NVD
NVD
added 2020/01/31 4:15 p.m.25 views

CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

7.2CVSS6.7AI score0.00587EPSS
Exploits0References1
OSV
OSV
added 2020/01/31 4:15 p.m.9 views

CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

6.8CVSS7AI score
Exploits0References1
OSV
OSV
added 2020/01/31 4:15 p.m.7 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.8CVSS6.6AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/01/31 4:15 p.m.34 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.8AI score0.00504EPSS
Exploits0References2
Prion
Prion
added 2020/01/31 4:15 p.m.14 views

Integer overflow

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.9AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 2020/01/31 3:8 p.m.100 views

CVE-2014-4859

CVE-2014-4859 is an integer overflow in the Drive Execution Environment (DXE) capsule processing of the UEFI Capsule Update mechanism in the open-source EDK2 UEFI implementation; CVE-2014-4860 covers overflow in the PEI phase during capsule coalescing. Impact: potential bypass of access restricti...

7.2CVSS6.6AI score0.00587EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder