3948 matches found

NVD
added 2024/09/25 3:15 a.m. · 28 views

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 · EPSS 0.00341
Exploits: 0 · References: 5

CVE
added 2024/09/25 2:5 a.m. · 53 views

CVE-2024-8434

CVE-2024-8434 affects the Easy Mega Menu Plugin for WordPress – ThemeHunk. A missing capability check on several AJAX-hooked functions allows authenticated users with subscriber-level access and above to perform actions such as updating plugin settings in all versions up to 1.0.9. The vulnerabili...

CVSS 4.3 · AI score 4.4 · EPSS 0.00341
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/09/24 12:0 a.m. · 6 views

PT-2024-39011 · Themehunk · Easy Mega Menu Plugin

Name of the Vulnerable Software and Affected Versions: Easy Mega Menu Plugin for WordPress – ThemeHunk plugin versions up to, and including, 1.0.9 Description: The issue arises from a missing capability check on several functions hooked via AJAX, allowing authenticated attackers with...

CVSS 4.3 · AI score 7.1 · EPSS 0.00341
Exploits: 0 · References: 11

Cvelist
added 2024/09/24 12:0 a.m. · 22 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

EPSS 0.00665
Exploits: 1 · References: 2

Microsoft KB
added 2024/09/24 12:0 a.m. · 4 views

September 24, 2024—KB5043131 (OS Build 19045.4957) Preview

September 24, 2024—KB5043131 OS Build 19045.4957 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page. Note Follow...

AI score 7.3
Exploits: 0

Packet Storm
added 2024/09/19 12:0 a.m. · 412 views

htmly 2.9.9 Cross Site Scripting

Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 Date: 9/2024 Exploit Author: Andrey Stoykov Version: 2.9.9 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-11-stored-xss.html Stored XSS 1: Steps to Reproduce: 1. Login as author 2. Browse to...

AI score 7.4
Exploits: 0

Joomla! Vulnerable Extensions List
added 2024/09/19 12:0 a.m. · 12 views

[20250102] - Core - XSS vector in the id attribute of menu lists

Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2...

CVSS 7.5 · AI score 7.1 · EPSS 0.00404
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/09/17 10:2 a.m. · 4 views

WordPress Accordion Image Menu plugin <= 3.1.3 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Accordion Image Menu versions <= 3.1.3...

CVSS 5.4 · AI score 6 · EPSS 0.00177
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2024/09/17 6:15 a.m. · 1 views

CVE-2024-8092

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 5.4 · AI score 5.8 · EPSS 0.00177
Exploits: 1 · References: 1

NVD
added 2024/09/17 6:15 a.m. · 19 views

CVE-2024-8092

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 5.4 · EPSS 0.00177
Exploits: 1 · References: 1

CVE
added 2024/09/17 6:0 a.m. · 52 views

CVE-2024-8092

The CVE-2024-8092 entry concerns the WordPress Accordion Image Menu plugin (versions 3.1.3 and earlier) with CSRF checks missing in several areas and insufficient sanitisation/escapes, enabling a logged-in administrator to inject Stored XSS via CSRF. Affected component: plugin functionality handl...

CVSS 5.4 · AI score 5.2 · EPSS 0.00177
Exploits: 1 · References: 1 · Affected Software: 1

Patchstack
added 2024/09/17 12:0 a.m. · 11 views

WordPress Accordion Image Menu Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Accordion Image Menu · Type: Plugin · Vulnerable versions: <= 3.1.3 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2024-8092 · Patch priority: Low · CVSS severity: Low 7.1 · Developer: Claim ownership · PSID: 74d0d44e3282 · Credits: Daniel Ruf · Requir...

CVSS 5.4 · AI score 6.7 · EPSS 0.00177
Exploits: 1 · References: 3 · Affected Software: 1

Veeam
added 2024/09/16 12:0 a.m. · 58 views

How to Reset Account Lockout for 'Managed Hardened Repository ISO by Veeam'

Purpose This article documents how to unlock the accounts used with the Managed Hardened Repository ISO by Veeam, veeamsvc or vhradmin, when they become locked out. The Managed Hardened Repository ISO by Veeam deploys Rocky Linux with the DISA STIG security profile, which utilizes faillock to loc...

AI score 7
Exploits: 0 · Affected Software: 1

CNNVD
added 2024/09/12 12:0 a.m. · 3 views

i-doit Cross-Site Scripting Vulnerability

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...

CVSS 6.1 · AI score 6.1 · EPSS 0.00226
Exploits: 0 · References: 2

NVD
added 2024/09/10 3:15 a.m. · 7 views

CVE-2024-42380

The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application...

CVSS 4.3 · EPSS 0.00266
Exploits: 0 · References: 2

CVE
added 2024/09/10 2:47 a.m. · 36 views

CVE-2024-42380

CVE-2024-42380 concerns SAP NetWeaver AS ABAP/ABAP Platform where an RFC-enabled function module allows a low-privileged user to read other users’ workplace favourites, user menus, and related node data, enabling username enumeration. The impact is described as low confidentiality risk to the app...

CVSS 4.3 · AI score 4.6 · EPSS 0.00266
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/09 12:0 a.m. · 2 views

PT-2024-29908 · Sap · Sap Systems

Name of the Vulnerable Software and Affected Versions: SAP Systems affected versions not specified Description: The RFC enabled function module in SAP Systems allows a low-privileged user to read any user's workplace favorites and user menu, along with specific data of each node. This issue enabl...

CVSS 4.3 · AI score 6.7 · EPSS 0.00266
Exploits: 0 · References: 7

OSV
added 2024/09/07 6:15 p.m. · 3 views

CVE-2024-8559

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 7.2 · AI score 5.8 · EPSS 0.00412
Exploits: 0 · References: 4

Vulnrichment
added 2024/09/07 5:31 p.m. · 15 views

CVE-2024-8559 SourceCodester Online Food Menu delete-menu.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 5.8 · AI score 7.4 · EPSS 0.00412
Exploits: 0 · References: 4

Cvelist
added 2024/09/07 5:31 p.m. · 21 views

CVE-2024-8559 SourceCodester Online Food Menu delete-menu.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 5.8 · EPSS 0.00412
Exploits: 0 · References: 4