117 matches found

Positive Technologies
added 2022/09/21 12:00 a.m. · 3 views

PT-2022-25289 · WordPress · Xplodedthemes Wpide

Name of the Vulnerable Software and Affected Versions: XplodedThemes WPide plugin versions <= 2.6. Description: The issue is an Authenticated Arbitrary File Edit/Upload vulnerability. This means that an attacker with admin or higher privileges can edit or upload files arbitrarily in the XplodedThem...

CVSS 7.2 · AI score 6.8 · EPSS 0.01069
Exploits 0 · References 5
CNNVD
added 2022/09/21 12:00 a.m. · 2 views

WordPress plugin XplodedThemes WPide code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.2 · AI score 7.2 · EPSS 0.01069
Exploits 0 · References 3
Patchstack
added 2022/08/09 12:00 a.m. · 20 views

WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability

Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector Patchstack in WordPress WPide plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...

CVSS 7.2 · AI score 3.3 · EPSS 0.01069
Exploits 0 · Affected Software 1
ATTACKERKB
added 2022/04/04 4:15 p.m. · 3 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 7.2 · AI score 7 · EPSS 0.00875
Exploits 2 · References 2
CNNVD
added 2022/04/04 12:00 a.m. · 4 views

WordPress plugin MapPress Maps code issue vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...

CVSS 7.2 · AI score 5.8 · EPSS 0.00875
Exploits 2 · References 2
Prion
added 2021/12/07 6:15 p.m. · 9 views

Design/Logic Flaw

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVSS 5 · AI score 7.6 · EPSS 0.00118
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2021/10/11 12:00 a.m. · 2 views

Projectsend security vulnerability

An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...

CVSS 8.1 · AI score 7.7 · EPSS 0.00219
Exploits 1 · References 2
CNNVD
added 2021/02/17 12:00 a.m. · 2 views

Bolt CMS path traversal vulnerability

Bolt is a simple CMS written in PHP. A directory traversal vulnerability exists in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in versions of Bolt prior to 4.1.13. No detailed vulnerability details are provided at this time...

CVSS 7.5 · AI score 7.1 · EPSS 0.00274
Exploits 0 · References 3
OSV
added 2020/12/24 3:15 p.m. · 1 view

CVE-2020-28187

Multiple directory traversal vulnerabilities in TerraMaster TOS = 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the 1 filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to...

CVSS 9.8 · AI score 7.3 · EPSS 0.64157
Exploits 1 · References 2
OPENSUSE Linux
added 2020/09/20 12:00 a.m. · 35 views

Security update for fossil (important)

openSUSE Security Update: Security update for fossil Announcement ID: openSUSE-SU-2020:1478-1 Rating: important References: 1047218 1175760 Cross-References: CVE-2020-24614 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An upda...

CVSS 8.8 · AI score 8.9 · EPSS 0.06403
Exploits 0 · References 2
Cvelist
added 2020/09/13 5:58 p.m. · 15 views

CVE-2020-25287

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...

AI score 7.2 · EPSS 0.06351
Exploits 1 · References 1
OSV
added 2018/12/30 9:29 p.m. · 1 view

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...

CVSS 4.8 · AI score 5.8
Exploits 0 · References 1
OSV
added 2018/12/30 9:29 p.m. · 1 view

CVE-2018-20599

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadminfileedit action...

CVSS 8.8 · AI score 6.1 · EPSS 0.00873
Exploits 1 · References 1
Veeam
added 2018/12/11 12:00 a.m. · 19 views

“For security reasons DTD is prohibited in this XML document” error in Veeam Backup for Microsoft 365

Challenge: Interactions with either SharePoint Online or OneDrive for Business within Veeam Backup for Microsoft 365 fail with either of the following errors: "For security reasons DTD is prohibited in this XML document"; "Identity Client Runtime Library IDCRL could not look up the realm...

AI score 6.9
Exploits 0
OSV
added 2018/09/05 9:29 p.m. · 2 views

CVE-2018-16145

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

CVSS 8.1 · AI score 5.8 · EPSS 0.00969
Exploits 3 · References 4
OSV
added 2018/03/12 4:29 a.m. · 2 views

DEBIAN-CVE-2017-18226

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...

CVSS 5.5 · AI score 6.8 · EPSS 0.00102
Exploits 0 · References 1
CNVD
added 2018/03/11 12:00 a.m. · 1 view

Arbitrary file editing vulnerability in zzcms v1.5.3.0129

ZZCMS is an enterprise website builder. An arbitrary file editing vulnerability exists in zzzcms v1.5.3.0129. The vulnerability stems from the fact that the file name, file path and file content of the file to be modified are not filtered, leading to a vulnerability that can be...

AI score 7
Exploits 0
CNVD
added 2018/02/27 12:00 a.m. · 1 view

Arbitrary File Editing Vulnerability in bagecms v3.1.3

BageCms is a multi-functional open source web content management system developed on php5+mysql5. An arbitrary file editing vulnerability exists in bagecms v3.1.3; the vulnerability stems from the fact that the path of the file to modify and the contents to write to the file are not...

AI score 7
Exploits 0
Citrix
added 2017/07/26 12:00 a.m. · 7 views

Secure Mail: How to edit the MDX file for enabling/disabling the hidden policy.

Enable/Disable the hidden policy for Secure Mail: ex "AutoPopulateusernametitle"...

AI score 7.1
Exploits 0
OSV
added 2017/02/01 8:59 p.m. · 1 view

CVE-2016-0394

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files...

CVSS 3.3 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 2