Lucene search

1454 matches found

Prion
added 2022/04/19 9:15 p.m., 24 views

Cross site scripting

Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...

CVSS 3.5, AI score 5.4, EPSS 0.00495
Exploits 0, References 1, Affected Software 1

CVE
added 2022/04/19 8:26 p.m., 69 views

CVE-2021-23283

Eaton IPP (Intelligent Power Protector) is affected by CVE-2021-23283: all versions prior to 1.69 have a stored XSS flaw due to insufficient input validation and improper output encoding in certain resources. Impact described as cross-site scripting with potential for injection via untrusted data...

CVSS 5.4, AI score 5.3, EPSS 0.00495
Exploits 0, References 1, Affected Software 1

CNNVD
added 2022/04/19 12:0 a.m., 4 views

Intelligent Power Protector Cross-Site Scripting Vulnerability

Intelligent Power Protector is an Intelligent Power Software. A cross-site scripting vulnerability exists in Eaton Intelligent Power Protector IPP prior to version 1.69, which stems from insufficient validation of user input and improper encoding of output for certain resources in the IPP software...

CVSS 5.4, AI score 5.4, EPSS 0.00495
Exploits 0, References 5

Tenable Nessus
added 2022/04/06 12:0 a.m., 353 views

Amazon Linux AMI : glibc (ALAS-2022-1576)

The version of glibc installed on the remote host is prior to 2.17-324.189. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1576 advisory. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create in the...

CVSS 9.8, AI score 8, EPSS 0.0469
Exploits 2, References 5

WPVulnDB
added 2022/04/05 12:0 a.m., 7 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC...

AI score 1.3
Exploits 0, Affected Software 1

WPVulnDB
added 2022/04/05 12:0 a.m., 17 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF

The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans PoC https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails=delete=1...

CVSS 6.5, AI score 4.5, EPSS 0.0055
Exploits 2, References 1, Affected Software 1

wpexploit
added 2022/04/05 12:0 a.m., 113 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF

The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=1...

CVSS 6.5, AI score 4.2, EPSS 0.0055
Exploits 2, References 1

wpexploit
added 2022/04/05 12:0 a.m., 53 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting alert/XSS/' /...

AI score 7
Exploits 0

OSV
added 2022/04/01 11:15 p.m., 2 views

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

CVSS 4.8, AI score 5.8, EPSS 0.00277
Exploits 0, References 1

NVD
added 2022/04/01 11:15 p.m., 15 views

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

CVSS 5.6, EPSS 0.00277
Exploits 0, References 1

Prion
added 2022/04/01 11:15 p.m., 18 views

Input validation

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

CVSS 2.3, AI score 4.9, EPSS 0.00277
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/04/01 10:17 p.m., 18 views

CVE-2021-23288 Security issues in Intelligent Power Protector

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

CVSS 5.6, AI score 5.6, EPSS 0.00277
Exploits 0, References 1

CNNVD
added 2022/04/01 12:0 a.m., 3 views

Intelligent Power Protector Cross-Site Scripting Vulnerability

Intelligent Power Protector is an Intelligent Power Program. A security vulnerability exists in Intelligent Power Protector versions prior to 1.69 that stems from insufficient validation of certain resource inputs by the IPP software. An attacker could exploit this vulnerability to access the loca...

CVSS 5.6, AI score 5.3, EPSS 0.00277
Exploits 0, References 2

Tenable Nessus
added 2022/03/16 12:0 a.m., 240 views

Oracle Linux 8 : glibc (ELSA-2022-0896)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0896 advisory. - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak 2032280 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc...

CVSS 9.8, AI score 8.1, EPSS 0.0469
Exploits 3, References 4

0day.today
added 2022/03/11 12:0 a.m., 390 views

Linux/x86_64 - sudo enumeration Shellcode (245 bytes)

sudo vulnerability enumeration shellcode / sudo vulnerability enumeration shellcode xordynamic - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 245 bytes compilation: gcc -fno-stack-protector -z execstack .c -o "disasssemble only main." 0000000000001179 : 1179: 55 push...

AI score 7
Exploits 0

OSV
added 2022/02/14 12:15 p.m., 2 views

CVE-2022-0190

The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...

CVSS 8.8, AI score 7.4, EPSS 0.01272
Exploits 2, References 1

Cvelist
added 2022/02/14 9:20 a.m., 14 views

CVE-2022-0190 Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection

The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...

AI score 9.3, EPSS 0.01272
Exploits 2, References 1

CVE
added 2022/02/14 9:20 a.m., 98 views

CVE-2022-0190

The CVE-2022-0190 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin, affected in versions prior to 1.2.6. The root cause is a SQL Injection vulnerability in the id parameter of the delete action, enabling an attacker to manipulate database queries. Impact is described as Parti...

CVSS 8.8, AI score 9, EPSS 0.01272
Exploits 2, References 1, Affected Software 1

CNNVD
added 2022/02/14 12:0 a.m., 2 views

WordPress and WordPress plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions prior to WordPress Ad Invalid Click Protector AICP plugin 1.2.6, which stems from ...

CVSS 8.8, AI score 6.1, EPSS 0.01272
Exploits 2, References 2

RedhatCVE
added 2022/01/18 5:53 p.m., 51 views

CVE-2022-23219

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...

CVSS 9.8, AI score 3.3, EPSS 0.04177
Exploits 1, References 1