302 matches found
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection. PoC...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.8.1. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at least...
CVE-2021-34718
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718
Cisco IOS XR Software contains an Arbitrary File Read/Write vulnerability in the SSH Server, exploitable by an authenticated, remote attacker via crafted SCP parameters during login. The issue stems from insufficient input validation of user-supplied arguments for the SCP file-transfer method, en...
CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
PT-2021-4048 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...
WordPress Secure Copy Content Protection Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...
CVE-2021-24484
The getreports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
Sql injection
The getreports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24484
The CVE-2021-24484 entry concerns the WordPress plugin Secure Copy Content Protection and Content Locking (versions before 2.6.7). The vulnerability arises in the plugin’s get_reports() function, which did not whitelist/validate the orderby parameter before it is used in SQL statements passed to ...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...
The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.
The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.6.6. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...
CommScope Ruckus IoT Controller 安全漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...
CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
libssh: unsanitized location in scp could lead to unwanted command execution
A flaw was found with the libssh API function sshscpnew. A user able to connect to a server using SCP could execute arbitrary command using a user-provided path, leading to a compromise of the remote target...
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
...