151 matches found
WordPress crafty-social-buttons plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. crafty-social-buttons is a plugin for adding links to social networking sites. A cross-site scripting vulnerability exists in the...
CVE-2017-18578
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...
CVE-2017-18578
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...
CVE-2017-18578
The CVE-2017-18578 issue affects the WordPress plugin Crafty Social Buttons, specifically versions prior to 1.5.8. The vulnerability is a Cross-Site Scripting (XSS) flaw in the plugin, enabling client-side code execution. Public sources (Red Hat, CNVD/CVE records, and WP vulnerability discussions...
CVE-2017-18578
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
Crafty Social Buttons < 1.5.8 - XSS
The Crafty Social Buttons WordPress plugin was affected by a XSS security vulnerability...
Design/Logic Flaw
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...
Crafty Candy - Customized SSL, Redefined SSL Common Names verifier, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Crafty Candy published at the 'play' market has multiple vulnerabilities...
Crafty World Exploration - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Crafty World Exploration published at the 'play' market has multiple vulnerabilities...
CVE-2015-1345
The bmexectrans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service out-of-bounds heap read and crash via crafted input when using the -F option...
Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This...
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
No description provided by source. Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...
Crafty Syntax Live Help 2.14.6 'livehelp_js.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30543/info Crafty Syntax Live Help CSLH is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script...
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion Full Path Disclosure
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion Full Path Disclosure source: https://www.securityfocus.com/bid/59322/info Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input...
Crafty Syntax Live Help RFI / Path Disclosure
Exploit Title : Crafty Syntax Live Help = 2.. & 3.. RFI + Path Disclosure Date : 4/19/2013 Author : ITTIHACK Home : http://ittihack.com Vendor : http://www.craftysyntax.com Download : http://www.craftysyntax.com/craftysyntax3.4.1.zip Version : 2. and 3. , All versions Category : webapps Google do...
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure
source: https://www.securityfocus.com/bid/59322/info Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to obtain sensitive...
CVE-2012-2812
The exifentrygetvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory via crafted EXIF tags in an image...
CVE-2011-3723
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...