2117 matches found
CVE-2024-9022 TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.0 - Authenticated (Administrator+) SQL Injection via orderby Parameter
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress plugin TS Poll SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress TS Poll plugin <= 2.3.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter vulnerability
Authenticated Administrator+ SQL Injection via orderby Parameter vulnerability discovered by WordFence in WordPress Plugin TS Poll versions = 2.4.0...
PT-2024-39367 · WordPress · Ts Poll – Survey
Name of the Vulnerable Software and Affected Versions: TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress versions up to, and including, 2.3.9 Description: The issue arises from insufficient escaping on the user-supplied orderby parameter and lack of sufficient preparation...
WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection
Software Responsive Poll Type Plugin Vulnerable versions = 2.3.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9022 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2e687784b00a Credits WordFence Required privilege Administrator Published...
The vulnerability of the io_uring/poll component in the Linux operating system’s kernel allows for a malfunction to occur, leading to service failure.
The vulnerability of the io_uring/poll component in the Linux operating system’s kernel is related to the state of the race condition during multi-address request operations. Exploiting this vulnerability can allow an attacker to cause a service failure...
Talk of election security is good, but we still need more money to solve the problem
Last week, six Secretaries of State testified to U.S. Congress about the current state of election security ahead of November's Presidential election. Some of the same topics came up as usual -- disinformation campaigns, influence from foreign actors, and the physical protection of poll workers o...
SUSE CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if !im_protocols && !tm_protocols' in the nfc_start_poll. But then after...
CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if !im_protocols && !tm_protocols' in the nfc_start_poll. But then after...
DEBIAN-CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if !im_protocols && !tm_protocols' in the nfc_start_poll. But then after...
AZL-49582 CVE-2024-46676 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if !im_protocols && !tm_protocols' in the nfc_start_poll. But then after...
UBUNTU-CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if !im_protocols && !tm_protocols' in the nfc_start_poll. But then after...
SUSE CVE-2023-52914
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well...
kernel: ionic: fix use after netif_napi_del()
A vulnerability was found in the Linux kernel's Ionic driver in the ionic_qcq_enable function, where the issue arises when the driver fails to reset the .poll pointer to NULL after a queue is unregistered via netif_napi_del, leading to a use-after-free scenario when attempting to enable a previously...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...