154 matches found
PT-2024-34979 · Unknown · Bcristopeit Wow Guild Armory Roster
Name of the Vulnerable Software and Affected Versions: bcristopeit WoW Guild Armory Roster versions 0.5.5 and earlier Description: The issue affects the bchristopeit WoW Guild Armory Roster, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to...
WordPress plugin WoW Guild Armory Roster 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WoW Guild Armory Roster plugin <= 0.5.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WoW Guild Armory Roster versions = 0.5.5...
WordPress WoW Guild Armory Roster Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)
Software WoW Guild Armory Roster Type Plugin Vulnerable versions = 0.5.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51850 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 56dc451178b5 Credits SOPROBRO Required privilege...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
CVE-2024-33850
CVE-2024-33850 affects Pexip Infinity prior to 34.1. The issue is improper access control for people in a waiting room: they can view the conference roster and perform actions that should be restricted until admission. Documents from multiple sources confirm the affected product/versions and the ...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
PT-2024-25509 · Pexip · Pexip Infinity
Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 34.1 Description: The issue concerns improper access control, allowing individuals in a waiting room to view the conference roster list and perform certain actions before being admitted to the meeting...
Debian: Security Advisory (DLA-413-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-724-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2015-8688
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...
SUSE CVE-2016-9928
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets...
Malicious Package
Overview @dbk-legacy/roster-modules-ebanking is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...
Malicious code in @dbk-legacy/roster-modules-ebanking (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a784237339043670e7c7a052df02d3c57360fff4edfd7235e87e8e279975964c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
standbyroster.org Improper Access Control vulnerability OBB-2359419
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mageia: Security Advisory (MGASA-2016-0433)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Talariax SendQuick Alertplus Server Admin Information Disclosure Vulnerability
TalariaX Pte Ltd Talariax SendQuick Alertplus Server Admin is a server management system of TalariaX Pte Ltd, Singapore. versions prior to 4.3 8HF11, a security vulnerability exists in the software where /appliance/shiftmgn.php lacks effective filtering and escaping of user submitted SQL...
CVE-2021-26795
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...