434 matches found
MooDating 1.2 - Cross-site scripting
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. id: CVE-2023-3848...
ZoneMinder Snapshots - Command Injection
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...
Joomla! Component News Portal 1.5.x - Local File Inclusion
A directory traversal vulnerability in the iJoomla News Portal comnewsportal component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1312 info: name: Joomla! Component News Portal 1.5.x - Local File...
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
Gogs (Go Git Service) - SQL Injection
Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...
Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
A directory traversal vulnerability in the AlphaUserPoints comalphauserpoints component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the view parameter to index.php. id: CVE-2010-1476 info: name: Joomla! Componen...
Joomla! Component Juke Box 1.7 - Local File Inclusion
A directory traversal vulnerability in the JOOFORGE Jutebox comjukebox component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion...
Popup by Supsystic <1.10.5 - Cross-Site scripting
WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue. id: CVE-2021-24275 info: name: Popup by Supsystic 1.10.5 - Cross-Site scripting author: dhiyaneshDK severity:...
Bitrix Site Management 2.x - Open Redirect
Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters. id: CVE-2008-2052 info: name: Bitrix Site Management 2.x - Open Redirect author: pikpikcu,gtrrnr,liangtovi-debug severity: medium...
Joomla! Component VJDEO 1.0 - Local File Inclusion
A directory traversal vulnerability in the VJDEO comvjdeo component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1354 info: name: Joomla! Component VJDEO 1.0 - Local File Inclusion author: daffain...
Suprema BioStar <2.8.2 - Local File Inclusion
Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...
Joomla! Component com_biblestudy - Local File Inclusion
A directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php. id: CVE-2010-0157 info: name: Joomla! Component...
WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. id: CVE-2021-24276 info: name: WordPress Supsystic Contact Form 1.7.15 - Cross-Site Scripting autho...
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...
WordPress Workreap - Remote Code Execution
WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...
WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action, available to both unauthenticated and authenticated users. id: CVE-2021-2429...
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...
Joomla! Component jesectionfinder - Local File Inclusion
A directory traversal vulnerability in the JExtensions JE Section/Property Finder jesectionfinder component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. id: CVE-2010-2680 info: name: Joomla!...