3948 matches found
WordPress plugin Restaurant Menu – Food Ordering System – Table Reservation cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Restaurant Menu - Food...
WordPress plugin Restaurant Menu – Food Ordering System – Table Reservation security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Restaurant Menu - Food...
PT-2022-18142
Name of the Vulnerable Software and Affected Versions: The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress, versions up to and including 2.3.0. Description: The issue allows for authorization bypass via several AJAX actions due to missing capability checks and missing...
Fedora access control error vulnerability
Fedora is a set of Linux operating systems from the Fedora community. Fedora CoreOS has a security vulnerability that stems from the fact that it allows booting a non-default OSTree deployment without entering a password. This allows users with access to the GRUB menu to boot into an older versio...
Restaurant Menu < 2.3.1 - Unauthorised AJAX Calls
The plugin does not have authorisation and CSRF checks in some AJAX actions, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions such as updating the plugin's settings...
WordPress Restaurant Menu plugin <= 2.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence in WordPress Restaurant Menu plugin versions <= 2.3.1. Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version (at least 2.3.2)...
WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability
Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions <= 2.3.0. Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version (at least 2.3.1)...
CVE-2021-38734
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via AntMenu.php...
SEMCMS SQL injection vulnerability
SEMCMS is a multilingual content management system (CMS) for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntMenu.php...
Stored XSS - Entity name not sanitized in Ticket creation page
Description: An Administrator can set a Cross-Site Scripting (XSS) payload inside an entity name. This XSS will be executed on the Ticket Creation page (Menu - Assistance - Create Ticket). Proof of Concept: 1. Set an XSS in Entity name 2. Go to the "Create Ticket" page 3. XSS is executed...
SUSE-SU-2022:3750-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: cobbler: - Consider case of 'nextserver' being a hostname during migration of Cobbler collections. - Fix problem with 'proxyurlext' setting being None type. - Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager...
October 25, 2022—KB5018483 (OS Build 22000.1165) Preview
October 25, 2022—KB5018483 (OS Build 22000.1165) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to...
August 9, 2022—KB5016629 (OS Build 22000.856)
August 9, 2022—KB5016629 (OS Build 22000.856). NEW 8/26/22 IMPORTANT: Microsoft released KB5012170 on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database (DBX). This is a standalone security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers mus...
CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
Cross site request forgery (csrf)
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
CVE-2022-39264 nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
CVE-2022-40337
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu...
Open Aviation Strategic Engineering System security vulnerability
Valsoft Open Aviation Strategic Engineering System (OASES) is an aviation engineering and maintenance system from Valsoft Corporation of Canada. A security vulnerability exists in Open Aviation Strategic Engineering System version 8.8.0.2 that could allow an attacker to execute arbitrary code via t...
JFinal SQL injection vulnerability
JFinal is a Java-based web + ORM open-source framework. A SQL injection vulnerability exists in JFinal CMS 5.1.0. The vulnerability stems from the id, name and menu key interfaces not using the same components and applying no filter; each uses its own SQL connection, resulting in SQL...