
302 matches found

Exploit DB
added 2022/02/10 12:0 a.m. · 329 views

WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)

Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated). Date: 08.02.2022. Exploit Author: Ron Jost Hacker5preme. Vendor Homepage: https://ays-pro.com/ Software Link:...

CVSS 9.8 · AI score 9.8 · EPSS 0.78812
Exploits 7
WPVulnDB
added 2021/11/08 12:0 a.m. · 31 views

Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection

The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement, leading to an SQL injection. PoC...

CVSS 9.8 · AI score 9.3 · EPSS 0.78812
Exploits 7 · Affected Software 1
Patchstack
added 2021/11/08 12:0 a.m. · 31 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Secure Copy Content Protection and Content Locking plugin (versions <= 2.8.1). Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at least...

CVSS 9.8 · AI score 3.3 · EPSS 0.78812
Exploits 7 · References 3 · Affected Software 1
OSV
added 2021/09/09 5:15 a.m. · 3 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.1 · AI score 5.9 · EPSS 0.01581
Exploits 0 · References 1
Cvelist
added 2021/09/09 5:0 a.m. · 22 views

CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.1 · AI score 8.1 · EPSS 0.01581
Exploits 0 · References 1
CVE
added 2021/09/09 5:0 a.m. · 104 views

CVE-2021-34718

Cisco IOS XR Software contains an Arbitrary File Read/Write vulnerability in the SSH Server, exploitable by an authenticated, remote attacker via crafted SCP parameters during login. The issue stems from insufficient input validation of user-supplied arguments for the SCP file-transfer method, en...

CVSS 8.5 · AI score 7.9 · EPSS 0.01581
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2021/09/09 5:0 a.m. · 11 views

CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.1 · AI score 6.8 · EPSS 0.01581
Exploits 0 · References 1
Cisco
added 2021/09/08 4:0 p.m. · 49 views

Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.1 · AI score 8 · EPSS 0.01581
Exploits 0 · References 1
Positive Technologies
added 2021/09/08 12:0 a.m. · 3 views

PT-2021-4048 · Cisco · Cisco IOS XR

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...

CVSS 8.5 · AI score 7.9 · EPSS 0.01581
Exploits 0 · References 7
CNVD
added 2021/08/05 12:0 a.m. · 21 views

WordPress Secure Copy Content Protection Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...

CVSS 7.2 · AI score 7 · EPSS 0.01344
Exploits 2 · References 1
NVD
added 2021/08/02 11:15 a.m. · 16 views

CVE-2021-24484

The get_reports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard...

CVSS 7.2 · EPSS 0.01344
Exploits 2 · References 1
Prion
added 2021/08/02 11:15 a.m. · 12 views

SQL injection

The get_reports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard...

CVSS 6.5 · AI score 7.3 · EPSS 0.01344
Exploits 2 · References 1 · Affected Software 1
CVE
added 2021/08/02 10:32 a.m. · 54 views

CVE-2021-24484

The CVE-2021-24484 entry concerns the WordPress plugin Secure Copy Content Protection and Content Locking (versions before 2.6.7). The vulnerability arises in the plugin’s get_reports() function, which did not whitelist/validate the orderby parameter before it is used in SQL statements passed to ...

CVSS 7.2 · AI score 7.2 · EPSS 0.01344
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2021/08/02 12:0 a.m. · 7 views

WordPress and WordPress Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...

CVSS 7.2 · AI score 6 · EPSS 0.01344
Exploits 2 · References 1
BDU FSTEC
added 2021/07/08 12:0 a.m. · 10 views

The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.

The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...

CVSS 7.8 · AI score 7.3 · EPSS 0.02267
Exploits 0 · References 5 · Affected Software 3
Patchstack
added 2021/06/29 12:0 a.m. · 22 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin (versions <= 2.6.6). Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...

CVSS 7.2 · AI score 3.2 · EPSS 0.01344
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2021/05/27 12:0 a.m. · 4 views

CommScope Ruckus IoT Controller Security Vulnerability

The CommScope Ruckus IoT Controller is an IoT controller from CommScope, Inc.: a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...

CVSS 9.8 · AI score 7.8 · EPSS 0.13773
Exploits 4 · References 7
Vulnrichment
added 2021/02/25 8:29 a.m. · 2 views

CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

AI score 8.6 · EPSS 0.01554
Exploits 0 · References 1
RedHat Linux
added 2020/11/04 1:0 a.m. · 5 views

libssh: unsanitized location in scp could lead to unwanted command execution

A flaw was found with the libssh API function ssh_scp_new. A user able to connect to a server using SCP could execute an arbitrary command using a user-provided path, leading to a compromise of the remote target...

CVSS 9.3 · AI score 7.4 · EPSS 0.0316
Exploits 0 · References 5
Microsoft CVE
added 2020/09/25 7:0 a.m. · 8 views

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

...

CVSS 7.8 · AI score 7 · EPSS 0.12996
Exploits 6