20 matches found
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wp_ajax_nopriv,...
EUVD-2025-24991
Malicious code in bioql PyPI...
CVE-2024-2020
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-2020
CVE-2024-2020 affects the Calculated Fields Form plugin for WordPress. It enables Stored XSS via the form page href parameter in versions up to 5.1.56 due to insufficient input sanitization and output escaping. Exploitation is possible by unauthenticated attackers and would trigger when users vis...
BACKCLICK Authorization Issue Vulnerability
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability in BACKCLICK Professional version 5.9.63, which stems from an insecure design or lack of authentication, can be exploited by an...
BACKCLICK SQL Injection Vulnerability
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A SQL injection vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from insufficient user-supplied input escaping, and can be...
PT-2019-17000 · Ibm · Daeja Viewone Standard +2
Name of the Vulnerable Software and Affected Versions: IBM Daeja ViewONE Professional, Standard & Virtual versions 5.0 through 5.0.5 Description: The issue allows an unauthorized user to download server files, resulting in sensitive information disclosure. Recommendations: For IBM Daeja ViewONE...
CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-14584)
CentOS Web Panel (CWP) is a free web hosting control panel. A cross-site scripting vulnerability exists in the email field in CWP versions 0.9.8.793 Free and 0.9.8.753 Pro, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit this...
ZOHO ManageEngine Netflow Analyzer Cross-Site Scripting Vulnerability (CNVD-2019-32076)
ZOHO ManageEngine Netflow Analyzer is a set of Web-based bandwidth monitoring tools from ZOHO. The product is mainly used for bandwidth monitoring and traffic analysis. A cross-site scripting vulnerability exists in the /netflow/jspui/popup1.jsp file in ZOHO ManageEngine Netflow Analyzer...
ELO ELOenterprise and ELOprofessional Access Manager Component SQL Injection Vulnerability
ELO is ELO Digital Office's document management system. ELOenterprise is its enterprise version; ELOprofessional is its professional version. Access Manager is one of its access managers. A SQL injection vulnerability exists in the HTTP GET parameter 'ticket' of the Access Manager component in EL...
IBM Daeja ViewONE Information Disclosure Vulnerability
IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents. IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...
Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal
Security Advisory ID: NETRESEC-1386968 http://netresec.com/?b=1386968 NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability. ==Description== NetworkMiner is a tool designed for network forensics and network security monitoring. It is...
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
This host is installed with Adobe Flash Professional and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbadobeflashprofessionaljpgobjbofvulnwin.nasl 6032 2017-04-26 09:02:50Z teissa $ Adobe Flash Professional JPG Object Processing BOF Vulnerability Windows Authors:...
JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact An arbitrary script may be executed on the user...
Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Overview Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contain...
JVN#63511247 Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of Access Analyzer C...
JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...
MailEnable Enterprise 1.x SMTP Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc =============================================================== MailEnable Enterprise 1.x SMTP Remote Denial of Service Exploit =============================================================== !/usr/bin/perl MailEnable Enterprise = 1.04-Profession...
WFTPD "Pro" 3.0 R4 Buffer Overflow
WFTP is the Win/NT FTP server by Alun Jones, "an author acknowledged as an expert in FTP and TCP/IP". This advisory pertains to "Professional" version 3.00 R4, which appears to be the current version. It can be downloaded from the author's site at http://www.wftpd.com/. WFTPD is released as...
VS 2008 - VS - PRO (Professional/Academic)
...