184 matches found
Command injection
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin wholesale-market...
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Impact The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older...
Events Made Easy < 2.2.81 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...
Improper privilege management - Anyone can view room settings.
Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...
HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure
The plugin leaks the secret login URL when sending a specific crafted request PoC curl -sIXGET -H "Cookie: validloginslug=1" https://example.com/wp-login.php HTTP/2 302 x-redirect-by: WordPress location: secret...
ROS-20220516-30
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
Personal Dictionary < 1.3.4 - Unauthenticated SQLi
The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. PoC 1. Create a new page with the plugin's shortcode shortcode can be copied from...
Personal Dictionary < 1.3.4 - Unauthenticated SQLi
The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. 1. Create a new page with the plugin's shortcode shortcode can be copied from...
Default configuration
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...
PT-2022-10288 · Atune · Atune
Name of the Vulnerable Software and Affected Versions: atune versions prior to 0.3-0.8 Description: The issue allows an attacker to escalate local privileges or modify any file by accessing the local atune URL interface. This can be achieved by logging in as a local user and running a curl comman...
part-db 0.5.11 - Remote Code Execution Exploit
Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848 --------------- !/bin/bash...
OESA-2022-1541 A-Tune security update
atune is a service for atuned AI tuning system. Security Fixes: Log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.CVE-2021-33658...
Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE
The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...
BookingPress < 1.0.11 - Unauthenticated SQL Injection
The plugin fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection - Create a new "category" and associate i...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection PoC Create an "item" and a "location" via the newly added...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection Create an "item" and a "location" via the newly added...
Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com
Vulnerability description not provided...