Lucene search
K

138 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:13 a.m.5 views

CVE-2023-52176

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1...

5.3CVSS6.9AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:15 p.m.9 views

CVE-2022-1995

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

4.8CVSS6.2AI score0.00548EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:3 p.m.11 views

CVE-2024-25902

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

7.6CVSS8.2AI score0.00541EPSS
Exploits0References1
ICS
ICS
added 2025/01/10 4:30 a.m.10 views

ABB Drive Composer

SUMMARY An update is available that resolves vulnerability in the product versions as affected in this advisory. An attacker who successfully exploits the vulnerability could get unauthorized access to the file system on the host machine. This can lead to the execution of arbitrary code, data...

9.8CVSS6.8AI score0.02061EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.12 views

SAP NetWeaver AS ABAP Protection Mechanism Failure (3456952)

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. Note that...

4.7CVSS5.4AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 5:15 a.m.5 views

CVE-2024-39599

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS5.8AI score0.00306EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 a.m.33 views

CVE-2024-39599

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/09 4:24 a.m.21 views

CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS7AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 4:24 a.m.38 views

CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.8 views

SAP NetWeaver Application Server Security Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a failure in the protection mechanism, which allows a developer to bypass the configured Malware Scanner API, resulting in a low impact ...

4.7CVSS6.6AI score0.00306EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.6 views

PT-2024-10305 · Sap · Sap Netweaver Application Server Abap +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description: The issue is related to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform. This failure allow...

7.5CVSS7AI score0.00306EPSS
Exploits0References8
NVD
NVD
added 2024/06/04 1:15 p.m.18 views

CVE-2023-52176

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1...

5.3CVSS5.3AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:43 p.m.13 views

CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1...

5.3CVSS7AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 12:43 p.m.22 views

CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1...

5.3CVSS5.3AI score0.00403EPSS
Exploits0References1
hivepro
hivepro
added 2024/03/21 5:46 a.m.32 views

Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover

Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOranges Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...

7.5CVSS7.2AI score0.01712EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/03/18 9:46 a.m.60 views

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...

9.8CVSS7.6AI score0.01712EPSS
Exploits1
NVD
NVD
added 2024/03/13 4:15 p.m.22 views

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8CVSS9.8AI score0.01712EPSS
Exploits1References5
Prion
Prion
added 2024/03/13 4:15 p.m.21 views

Privilege escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

7.5CVSS7.6AI score0.01712EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.16 views

CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8CVSS7.3AI score0.01712EPSS
Exploits1References5
CVE
CVE
added 2024/03/13 3:26 p.m.85 views

CVE-2024-2172

CVE-2024-2172 affects MiniOrange WordPress plugins: Malware Scanner (up to 4.7.2) and Web Application Firewall (up to 2.1.1). Root cause is a missing capability check in mo_wpns_init(), enabling unauthenticated privilege escalation to administrator. Documented impact: sites can be compromised by ...

9.8CVSS9.6AI score0.01712EPSS
Exploits1References5
Rows per page
Query Builder