
2160 matches found

SUSE CVE
added 2023/02/15 6:13 a.m. | 4 views

SUSE CVE-2006-6169

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than...

CVSS 6.8 | AI score 8.3 | EPSS 0.03151
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:11 a.m. | 4 views

SUSE CVE-2007-3719

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."...

CVSS 2.1 | AI score 6.2 | EPSS 0.00313
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:15 a.m. | 3 views

SUSE CVE-2015-5600

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumptio...

CVSS 8.5 | AI score 7.5 | EPSS 0.09302
Exploits: 1 | References: 23
SUSE CVE
added 2023/02/15 5:12 a.m. | 3 views

SUSE CVE-2015-8364

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in...

CVSS 6.8 | AI score 9.4 | EPSS 0.02069
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:28 a.m. | 3 views

SUSE CVE-2018-9336

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other...

CVSS 5.5 | AI score 8.6 | EPSS 0.00608
Exploits: 1 | References: 6
SUSE CVE
added 2023/02/15 3:49 a.m. | 1 views

SUSE CVE-2021-3020

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...

CVSS 8.4 | AI score 7.5 | EPSS 0.00958
Exploits: 0 | References: 9
Patchstack
added 2023/02/15 12:0 a.m. | 11 views

WordPress Interactive Geo Maps Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Interactive Geo Maps | Type: Plugin | Vulnerable versions: <= 1.5.8 | Fixed in: 1.5.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23866 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 12ba37f5354f | Credits: yuyudhn | Required...

CVSS 6.5 | AI score 6 | EPSS 0.00393
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/02/14 12:0 a.m. | 7 views

WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Interactive SVG Image Map Builder | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: 1.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25704 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 9e6397036265 | Credits: Lokesh...

CVSS 5.9 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2023/02/10 7:55 p.m. | 24 views

GHSA-29GW-9793-FVW7 IPython vulnerable to command injection via set_term_title

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the set_term_title function under specific conditions. This has been patched in version 8.10.0. Impact: Users are only vulnerable when calling...

CVSS 4.5 | AI score 6.4 | EPSS 0.01295
Exploits: 1 | References: 9
CVE
added 2023/02/10 7:52 p.m. | 99 views

CVE-2023-24816

CVE-2023-24816 concerns IPython (versions before 8.1.0). The vulnerability arises when the function IPython.utils.terminal.set_term_title is called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 can prevent the vulnerable...

CVSS 7 | AI score 5.9 | EPSS 0.01295
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2023/02/08 12:0 a.m. | 17 views

WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software: Interactive Geo Maps | Type: Plugin | Vulnerable versions: <= 1.5.9 | Fixed in: 1.5.11 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0731 | Patch priority: Medium | CVSS severity: Medium (5.9) | PSID: 116865bf62ab | Credits: Marco Wotsch...

CVSS 6.4 | AI score 5.9 | EPSS 0.00521
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2023/02/07 11:15 p.m. | 1 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 6.1 | EPSS 0.00521
Exploits: 0 | References: 3
OSV
added 2023/02/07 11:15 p.m. | 2 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 | AI score 6 | EPSS 0.00521
Exploits: 0 | References: 2
NVD
added 2023/02/07 11:15 p.m. | 43 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00521
Exploits: 0 | References: 3
Vulnrichment
added 2023/02/07 10:48 p.m. | 10 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00521
Exploits: 0 | References: 2
Cvelist
added 2023/02/07 10:48 p.m. | 37 views

CVE-2023-0731 Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.8 | EPSS 0.00521
Exploits: 0 | References: 2
CVE
added 2023/02/07 10:48 p.m. | 47 views

CVE-2023-0731

CVE-2023-0731 affects the WordPress Interactive Geo Maps plugin up to version 1.5.9. The root cause is insufficient input sanitization and output escaping on user-supplied attributes in the action content parameter, enabling stored Cross-Site Scripting for authenticated users with editor-level pe...

CVSS 6.4 | AI score 5.2 | EPSS 0.00521
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2023/02/07 12:0 a.m. | 19 views

WordPress plugin Interactive Geo Maps cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS 6.4 | AI score 6.4 | EPSS 0.00521
Exploits: 0 | References: 3
WPVulnDB
added 2023/02/07 12:0 a.m. | 15 views

Interactive Geo Maps < 1.5.11 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters before outputting them back in attributes, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 6.4 | AI score 5.6 | EPSS 0.00521
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2023/02/07 12:0 a.m. | 5 views

PT-2023-16485 · WordPress · Interactive Geo Maps

Name of the Vulnerable Software and Affected Versions: Interactive Geo Maps plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to Stored Cross-Site Scripting via the action content parameter due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 5.5 | EPSS 0.00521
Exploits: 0 | References: 7