Lucene search
K

266 matches found

wpexploit
wpexploit
added 2023/12/08 12:0 a.m.144 views

Backup Migration Staging < 1.3.6 - Sensitive Data Exposure

Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. 1 Run a backup of the site 2 Notice the following files are all publicly available while the...

7.5CVSS9.2AI score0.00688EPSS
Exploits2References1
Fedora
Fedora
added 2023/09/15 7:4 p.m.19 views

[SECURITY] Fedora 39 Update: rubygem-activerecord-7.0.7.2-1.fc39

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.23 views

Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.2AI score0.00726EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/09/06 1:15 p.m.25 views

Authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

4CVSS4.5AI score0.00726EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/06 12:55 p.m.27 views

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.3AI score0.00726EPSS
Exploits0References1
OSV
OSV
added 2023/09/06 12:55 p.m.16 views

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS6AI score0.00726EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/06 12:55 p.m.13 views

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS6.7AI score0.00726EPSS
Exploits0References1
NVD
NVD
added 2023/04/28 1:15 p.m.20 views

CVE-2022-41397

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...

9.8CVSS9.4AI score0.00675EPSS
Exploits0References1
Prion
Prion
added 2023/04/28 1:15 p.m.17 views

Hardcoded credentials

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...

7.5CVSS9.3AI score0.00675EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/28 12:0 a.m.12 views

CVE-2022-41397

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...

9.4AI score0.00675EPSS
Exploits0References1
Fedora
Fedora
added 2023/04/05 1:36 a.m.20 views

[SECURITY] Fedora 37 Update: rubygem-activerecord-7.0.4.3-1.fc37

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

5.3CVSS7.7AI score0.00907EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/04/02 12:0 a.m.26 views

Fedora: Security Advisory for rubygem-activerecord (FEDORA-2023-d6157bb1e2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.7AI score0.00907EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.6 views

PT-2023-11835 · WordPress · Jetbackup

Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to sensitive information disclosure due to a lack of proper capability checking on the backup guard get manua...

4.3CVSS4.3AI score0.00639EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.33 views

CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...

4.9AI score0.00267EPSS
Exploits2References1
Prion
Prion
added 2022/11/28 2:15 p.m.15 views

Cross site request forgery (csrf)

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...

4.3CVSS4.7AI score0.00267EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/11/28 1:47 p.m.44 views

CVE-2022-3850 Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...

5AI score0.00267EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.37 views

CVE-2022-41932 Creation of new database tables through login form on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...

7.5CVSS7.6AI score0.00518EPSS
Exploits0References2
OSV
OSV
added 2022/11/21 10:36 p.m.19 views

GHSA-4X5R-6V26-7J4V Creation of new database tables through login form on PostgreSQL

Impact It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. Patches The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Workarounds The only workarounds for this are: use an authenticator which does...

7.5CVSS6.1AI score0.00518EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/17 8:52 p.m.56 views

Information Disclosure via Export Module

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...

4.3CVSS5AI score0.00585EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2022/06/14 9:15 p.m.19 views

Design/Logic Flaw

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

4CVSS4.5AI score0.00585EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder