345 matches found
8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)
NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However, it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...
[SECURITY] Fedora 31 Update: xar-1.8.0.417.1-1.fc31
The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...
Fedora: Security Advisory for xar (FEDORA-2020-bbd24dd0cf)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Jenkins plug-in vulnerabilities: plaintext stored credentials disclosure-vulnerability warning-the black bar safety net
Jenkins is a widely used open source automation server that allows DevOps developers to efficiently and reliably build, test, and deploy software. To take advantage of Jenkins' modular architecture, developers can use plug-ins to extend its core features, allowing it to expand the script capabilities...
CVE-2019-14948
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...
Code injection
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...
CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF...
Memory Leak
react-native-video is vulnerable to memory leak. The vulnerability is possible because it does not properly handle the mp.selectTrack call to listen to timed meta data update...
FreeBSD : wordpress -- multiple issues (4b98613c-0078-11e9-b05b-00e04c1ea73d)
WordPress developers report: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...
WordPress 5.0.x < 5.0.1 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress 4.6.x < 4.6.13 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress 3.7.x < 3.7.28 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress 4.8.x < 4.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress 4.0.x < 4.0.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress 4.1.x < 4.1.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...
WordPress Multiple Vulnerabilities (Dec 2018) - Windows
WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability
PHP Object Injection via Meta Data vulnerability found by Sam Thomas in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...
WordPress <= 5.0 - PHP Object Injection via Meta Data
Description: According to WordPress: "Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection."...
WordPress 4.6.x < 4.6.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A DOM-based cross-site scripting (XSS) vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...