CVE-2022-3141 TranslatePress Multilingual < 2.3.3 - Admin+ SQLi
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...
CVE-2022-3141
CVE-2022-3141 concerns the WordPress TranslatePress (Translate Multilingual) plugin, affected versions before 2.3.3. An authenticated attacker can inject a time-based blind payload via a crafted language entry, bypassing backticks in SQL queries. This yields a high-impact SQL injection vulnerabil...
Pharmacy Management System edituser.php SQL Injection Vulnerability
Pharmacy Management System (MPMS) is a multilingual pharmacy management system from the individual developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from a lack of validation of external input used in SQL statements via the id parameter of edituser.php. A...
Multi Language Hotel Management Software SQL Injection Vulnerability
Multi Language Hotel Management Software is a multilingual hotel management software by Nikhil B Individual Developer. Multi Language Hotel Management Software suffers from a SQL injection vulnerability that stems from affecting some unknown processing, where manipulation of the parameter roomid...
[SECURITY] Fedora 36 Update: golang-github-gosexy-gettext-0.9-8.fc36
Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...
multilingual-matters.com Cross Site Scripting vulnerability OBB-2819781
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 35 Update: golang-github-gosexy-gettext-0.9-7.fc35
Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...
that-value Security Vulnerability
that-value is a multilingual platform validator package by the individual developer Paweł Stefański, Poland. A Regular Expression Denial of Service (ReDoS) vulnerability exists in that-value version v0.1.3, which can be exploited by an attacker to cause a denial of service when validating a crafted...
Malicious code in sketch-multi-lingual-plugin (npm)
Source: ghsa-malware 0dc963980cef03ca59ff4df6236056bfe2d4a7bb38df9f9c2aed51bc8869a0fa. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
June 14, 2022, cumulative update for SharePoint Enterprise Server 2013 (KB5002218)
June 14, 2022, cumulative update for SharePoint Enterprise Server 2013 KB5002218 Cumulative update packages for Microsoft SharePoint Enterprise Server 2013 contain hotfixes for the issues that were fixed since the release of SharePoint Enterprise Server 2013. Note: This is build 15.0.5459.1001 of...
Drupal access bypass vulnerability
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
GHSA-3327-JR93-7HQ3 Drupal access bypass vulnerability
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
WordPress Advanced Exchange Rates for WooCommerce Multilingual plugin <= 1.0.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Advanced Exchange Rates for WooCommerce Multilingual plugin versions <= 1.0.6. Solution: No patched version available...
WordPress Advanced Exchange Rates for WooCommerce Multilingual plugin <= 1.0.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Advanced Exchange Rates for WooCommerce Multilingual plugin versions <= 1.0.6. Solution: No patched version available...
[SECURITY] Fedora 34 Update: phpMyAdmin-5.1.3-1.fc34
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...
[SECURITY] Fedora 34 Update: roundcubemail-1.4.13-1.fc34
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
[SECURITY] Fedora 34 Update: roundcubemail-1.4.12-1.fc34
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...
Impress CMS 1.4.2 Remote Code Execution
Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Authenticated; Date: 15-09-2021; Exploit Author: Halit AKAYDIN hLtAkydn; Vendor Homepage: https://www.impresscms.org/; Software Link: https://www.impresscms.org/modules/downloads/; Version: 1.4.2; Category: Webapps; Tested on: Linux/Windows...