19 matches found
EUVD-2008-0812
Malware in sbrugna...
WordPress plugin Branda security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-0842
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restoreins.php file and. This makes it possible for unauthenticated attackers to make excessive...
Design/Logic Flaw
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restoreins.php file and. This makes it possible for unauthenticated attackers to make excessive...
PT-2024-15860 · WordPress · Backuply
Name of the Vulnerable Software and Affected Versions: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to a Denial of Service vulnerability. This vulnerability is due to direct access of the backuply/restore ins.p...
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
WordPress Plugin LearnDash LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-1932
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file...
Ian Dunn: All Plugins - Direct file access to plugin files Vulnerability
Hello. What is direct file access? Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP clas...
CAREL PlantVisor Enhanced Access Restriction Bypass Vulnerability
CAREL PlantVisor Enhanced is a suite of monitoring and remote maintenance software for CAREL instrument-controlled refrigeration and air conditioning systems. A security vulnerability in CAREL PlantVisor Enhanced allows a remote attacker to bypass established access restrictions by sending a dire...
CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
VulnCheck KEV: CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/...
Unrestricted file upload
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extensio...
Information disclosure
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page...
Mod-X Cross Site Request Forgery / Cross Site Scripting
Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, s...
File Access Vulnerability in Easy File Sharing Web Server
File Access Vulnerability in Easy File Sharing Web Server Discovered by: Timothy "Thor" Mullen Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs Product: Easy File Sharing Web Server, current versions, default installation Vendor: http://www.sharing-file.com/ Vendor Notificatio...
CVE-2008-6084
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
sambar.txt
Sambar Proxy Multiple Vulnerabilities. I found some vulnerabilities in Sambar Webproxy www.sambar.com, which allow the sambar admin access to files outside of the application directories. Since Sambar comes with no password for admin as default, it might be a...