49 matches found
WordPress plugin Display custom fields in the frontend Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-29510 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The id parameter of the "routers/edit-orders.php" resource does not validate the input, making it vulnerable to SQ...
GHSA-27H2-HVPR-P74Q jsonwebtoken has insecure input validation in jwt.verify function
Overview For versions =8.5.1 of jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter referring to the secretOrPublicKey argument from the readme link of the jwt.verify function, they can gain remote code execution RCE. Am I affected? This security issue...
Remote Code Execution
com.alibaba:hessian-lite is vulnerable to remote code execution. The vulnerability exists due to insecure input validation when processing serialized data in getSerializer and getDeserializer functions in SerializerFactory.java, which allows an attacker to pass specifically crafted data to the...
Input validation
In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
Inductive Automation Ignition Code Issue Vulnerability
Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analytics.Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet the specific need...
Inductive Automation Ignition 代码问题漏洞
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface and more. A code issue vulnerability exists in Inductive Automation Ignition...
Inductive Automation Ignition 代码问题漏洞
Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analytics.Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet the specific need...
Apache Karaf code issue vulnerability (CNVD-2022-14707)
Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. Apache Karaf suffers from a code issue vulnerability that stems from insecure input validation when handling serialized data,...
Input validation
In icstartRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
Input validation
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-get'file' instead of the fixed file names of icon.png and icon.svg...
Input validation
This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...
Portlandlabs Concrete5 代码问题漏洞
Portlandlabs Concrete5 is an open source content management system CMS from PortlandLabs Portlandlabs, U.S. Portlandlabs concrete5 suffers from a code issue vulnerability that stems from insecure input validation. An attacker could exploit this vulnerability to pass specially designed data to the...
Input validation
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
Bridgecrew Checkov 代码问题漏洞
Bridgecrew Checkov is an open source application. Static code analysis tool for infrastructure-as-code. Bridgecrew Checkov suffers from a code issue vulnerability that stems from insecure input validation when processing serialized data, which could allow a remote user to pass specially designed...
Input validation
In Jingyun Antivirus v2.4.2.39, the driver file ZySandbox.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304...
CVE-2020-16216
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and...
Input validation
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have...
Input validation
In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-1873
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software ASA and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...