Lucene search
K

154 matches found

Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.3 views

PT-2024-34979 · Unknown · Bcristopeit Wow Guild Armory Roster

Name of the Vulnerable Software and Affected Versions: bcristopeit WoW Guild Armory Roster versions 0.5.5 and earlier Description: The issue affects the bchristopeit WoW Guild Armory Roster, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.4 views

WordPress plugin WoW Guild Armory Roster 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS7.6AI score0.00374EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/08 2:8 p.m.3 views

WordPress WoW Guild Armory Roster plugin <= 0.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WoW Guild Armory Roster versions = 0.5.5...

6.5CVSS6.1AI score0.00374EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.8 views

WordPress WoW Guild Armory Roster Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WoW Guild Armory Roster Type Plugin Vulnerable versions = 0.5.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51850 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 56dc451178b5 Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00374EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/10 9:15 p.m.1 views

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 9:15 p.m.28 views

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

4.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2024/06/10 12:0 a.m.51 views

CVE-2024-33850

CVE-2024-33850 affects Pexip Infinity prior to 34.1. The issue is improper access control for people in a waiting room: they can view the conference roster and perform actions that should be restricted until admission. Documents from multiple sources confirm the affected product/versions and the ...

4.3CVSS6.9AI score0.00213EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/10 12:0 a.m.12 views

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

6.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/10 12:0 a.m.18 views

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.7 views

PT-2024-25509 · Pexip · Pexip Infinity

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 34.1 Description: The issue concerns improper access control, allowing individuals in a waiting room to view the conference roster list and perform certain actions before being admitted to the meeting...

4.3CVSS6.4AI score0.00213EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.27 views

Debian: Security Advisory (DLA-413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.8AI score0.01723EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.19 views

Debian: Security Advisory (DLA-724-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.04512EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:11 a.m.4 views

SUSE CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.4CVSS6.9AI score0.01723EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.3 views

SUSE CVE-2016-9928

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets...

7.4CVSS7.1AI score0.04512EPSS
Exploits2References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview @dbk-legacy/roster-modules-ebanking is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/11/10 5:25 a.m.4 views

Malicious code in @dbk-legacy/roster-modules-ebanking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a784237339043670e7c7a052df02d3c57360fff4edfd7235e87e8e279975964c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2022/02/07 4:19 a.m.18 views

standbyroster.org Improper Access Control vulnerability OBB-2359419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2016-0433)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.4AI score0.04512EPSS
Exploits2References6
CNVD
CNVD
added 2021/11/16 12:0 a.m.26 views

Talariax SendQuick Alertplus Server Admin Information Disclosure Vulnerability

TalariaX Pte Ltd Talariax SendQuick Alertplus Server Admin is a server management system of TalariaX Pte Ltd, Singapore. versions prior to 4.3 8HF11, a security vulnerability exists in the software where /appliance/shiftmgn.php lacks effective filtering and escaping of user submitted SQL...

8.8CVSS1.9AI score0.01478EPSS
Exploits3References1
OSV
OSV
added 2021/11/14 9:15 p.m.3 views

CVE-2021-26795

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...

8.8CVSS7.4AI score
Exploits0References2
Rows per page
Query Builder