246 matches found
Emerson WirelessHART Gateway 命令注入漏洞
The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. A command injection vulnerability exists in Emerson WirelessHART Gateway that allows all users to access read global variables, and affected products are prone to disclosing peer usernames and passwords...
CVE-2021-42536
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables...
CVE-2021-28559
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...
Information disclosure
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...
CVE-2021-28559 Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...
CVE-2021-34201
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...
Buffer overflow
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...
CVE-2021-34201
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...
CVE-2021-28559
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...
CVE-2021-27363
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file...
CVE-2021-3124
Stored cross-site scripting XSS in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars0name field...
CVE-2021-3124
Stored cross-site scripting XSS in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars0name field...
CVE-2021-3124
The CVE-2021-3124 entry relates to a stored XSS in the Robust.Systems product, specifically in the Custom Global Variables v1.0.5. The vulnerability is triggered via the vars[0][name] field, allowing an attacker to inject arbitrary code. Evidence from connected sources confirms the affected compo...
WordPress Custom Global Variables 1.0.5 Cross Site Scripting
Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 09/01/2021 Exploit Author: Swapnil Subhash Bodekar Vendor Homepage: Software Link: https://wordpress.org/plugins/custom-global-variables/developers Version: 1.0.5 Tested on...
Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. The PoC...
Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. PoC The...
WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability found by Swapnil Subhash Bodekar in WordPress Custom Global Variables plugin versions = 1.0.5. Solution Update the Custom Global Variables plugin to the latest available version at least 1.1.1...
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 09/01/2021 Exploit Author: Swapnil Subhash Bodekar Vendor Homepage: Software Link: https://wordpress.org/plugins/custom-global-variables/developers Version: 1.0.5 Tested on...
Cross-site Scripting (XSS)
wordpress is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...
FreeBSD : wordpress -- multiple issues (11325357-1d3c-11eb-ab74-4c72b94353b5)
wordpress developers reports : Ten security issues affect WordPress versions 5.5.1 and earlier. If you havent yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues : -Props to Alex Concha of the WordPress Security Team for their work in...