41 matches found

NVD
added 2025/11/04 4:15 a.m. · 5 views

CVE-2025-12070

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

CVSS 4.3 · EPSS 0.00129
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-23730

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 5.4 · EPSS 0.00769
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-23806

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4.2 · EPSS 0.00542
Exploits 1 · References 5

RedhatCVE
added 2025/05/23 3:0 a.m. · 5 views

CVE-2023-1572

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 5.4 · AI score 5.3 · EPSS 0.00542
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:59 a.m. · 3 views

CVE-2023-1482

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...

CVSS 8.8 · AI score 7.2 · EPSS 0.00769
Exploits 1 · References 1

BDU FSTEC
added 2024/07/22 12:0 a.m. · 2 views

The vulnerability of the Plug-in Handler component of the OpenVPN software allows a hacker to load arbitrary modules.

The vulnerability of the Plug-in Handler component in the OpenVPN software involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a remote attacker to download arbitrary modules...

CVSS 10 · AI score 7.6 · EPSS 0.09759
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/03/22 1:15 p.m. · 14 views

CVE-2023-1572

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 5.4 · AI score 6.4
Exploits 0 · References 5

Vulnrichment
added 2023/03/22 12:0 p.m. · 8 views

CVE-2023-1572 DataGear Plugin cross site scripting

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 2 · AI score 4 · EPSS 0.00542
Exploits 1 · References 5

Cvelist
added 2023/03/22 12:0 p.m. · 26 views

CVE-2023-1572 DataGear Plugin cross site scripting

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 2 · AI score 5.5 · EPSS 0.00542
Exploits 1 · References 5

CNNVD
added 2023/03/22 12:0 a.m. · 3 views

DataGear cross-site scripting vulnerability

DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A cross-site scripting vulnerability exists in versions of DataGear prior to 1.11.1, which stems from a problem with the component Plugin Handler that can lead to cross-site scripting...

CVSS 5.4 · AI score 4 · EPSS 0.00542
Exploits 1 · References 7

Positive Technologies
added 2023/03/22 12:0 a.m. · 3 views

PT-2023-17088 · Datagear · Datagear

Name of the Vulnerable Software and Affected Versions: DataGear versions up to 1.11.1 Description: A vulnerability has been found in the Plugin Handler component of DataGear, which can lead to cross site scripting. The manipulation can be launched on the local host. Upgrading to version 1.12.0 is...

CVSS 5.4 · AI score 6.4 · EPSS 0.00542
Exploits 1 · References 9

OSV
added 2023/03/18 10:15 a.m. · 2 views

CVE-2023-1482

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...

CVSS 8.8 · AI score 5 · EPSS 0.00769
Exploits 1 · References 3

Positive Technologies
added 2023/03/18 12:0 a.m. · 2 views

PT-2023-17019 · Hkcms · Hkcms

Name of the Vulnerable Software and Affected Versions: HkCms version 2.2.4.230206 Description: A problematic issue was found in the External Plugin Handler component, affecting an unknown part of the file /admin.php/appcenter/local.html?type=addon. This issue leads to code injection and can be...

CVSS 8.8 · AI score 5.4 · EPSS 0.00769
Exploits 1 · References 6

OpenVAS
added 2021/11/11 12:0 a.m. · 18 views

Mozilla Firefox Security Advisory (MFSA2013-10) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 6.8 · AI score 6.4 · EPSS 0.02189
Exploits 1 · References 3

Tenable Nessus
added 2013/01/15 12:0 a.m. · 29 views

SeaMonkey 2.14.x < 2.15 Multiple Vulnerabilities

Binary data 6670.prm...

CVSS 10 · AI score 9.2 · EPSS 0.73364
Exploits 27 · References 44

Mozilla
added 2013/01/08 12:0 a.m. · 48 views

Event manipulation in plugin handler to bypass same-origin policy — Mozilla

Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages...

CVSS 6.8 · AI score 6.1 · EPSS 0.02189
Exploits 1 · References 2 · Affected Software 5

Check Point Advisories
added 2010/10/18 12:0 a.m. · 3 views

Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow (CVE-2010-3552)

Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will allow execution of arbitrar...

CVSS 10 · AI score 7 · EPSS 0.8074
Exploits 8

OpenVAS
added 2010/08/20 12:0 a.m. · 19 views

CentOS Update for seamonkey CESA-2010:0557 centos3 i386

Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2010:0557 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

CVSS 10 · AI score 0.3 · EPSS 0.0413
Exploits 1 · References 2

Tenable Nessus
added 2010/08/09 12:0 a.m. · 20 views

CentOS 4 : firefox (CESA-2010:0558)

Updated firefox packages that fix a security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...

CVSS 10 · AI score 8.5 · EPSS 0.0413
Exploits 1 · References 3

seebug.org
added 2006/10/25 12:0 a.m. · 63 views

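Mambo/Joomla plugin.class.php script remote file inclusion vulnerability

Mambo (also known as Joomla) is an open-source web content management system. Mambo has an input validation vulnerability when handling user requests; a remote attacker may exploit this vulnerability to execute arbitrary commands on the server with the privileges of the web process. In the plugin.class.php script in Mambo's comcomprofiler folder: -----------------------plugin.class.php---------------------- ?php / Plugin handler @package Joomla @author various, JoomlaJoe and Beat / requireonce...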

AI score 7.1
Exploits 0