Lucene search
K

120 matches found

Cvelist
Cvelist
added 2022/09/06 5:18 p.m.38 views

CVE-2022-2438 Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

7.2CVSS7AI score0.01307EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.46 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

7.5CVSS8.8AI score0.0118EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-16638 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to and including 3.2.49 Description: The issue allows authenticated attackers with contributor privileges and above to deserialize untrusted input via the filepackage dir parameter. This can...

8.8CVSS8.5AI score0.01328EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.8 views

WordPress plugin Migration, Backup, Staging – WPvivid 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Migration,...

7.2CVSS7.3AI score0.01329EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.5 views

WordPress plugin WordPress Infinite Scroll – Ajax Load More 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...

8.8CVSS8.1AI score0.0118EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.4 views

WordPress plugin String Locator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

8.8CVSS8.1AI score0.01207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-16685 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including 0.9.74 Description: The issue allows deserialization of untrusted input via the path parameter. This enables authenticated attackers with administrative...

7.2CVSS7AI score0.01329EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-16657 · WordPress · Broken Link Checker

Name of the Vulnerable Software and Affected Versions: Broken Link Checker plugin for WordPress versions up to, and including 1.11.16 Description: The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the $log file value. This allows authenticated...

7.2CVSS7.1AI score0.01307EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.4 views

WordPress plugin Download Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

8.8CVSS8.1AI score0.01328EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.5 views

WordPress plugin Broken Link Checker 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

7.2CVSS7.3AI score0.01307EPSS
Exploits0References4
NVD
NVD
added 2022/08/25 11:15 p.m.15 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.8CVSS0.01191EPSS
Exploits0References2
OSV
OSV
added 2022/08/25 11:15 p.m.4 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.8CVSS6AI score0.01191EPSS
Exploits0References2
Prion
Prion
added 2022/08/25 11:15 p.m.16 views

Remote code execution

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

7.5CVSS9.6AI score0.01191EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/25 10:38 p.m.57 views

CVE-2022-28747

CVE-2022-28747 affects GoSecure Titan Inbox Detection & Response (IDR); root cause is key reuse that enables remote code execution. The vulnerability exists in IDR versions prior to 2022-04-05. An attacker can exploit by crafting and signing a serialized payload. Impact is remote code execution w...

9.8CVSS9.6AI score0.01191EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/25 10:38 p.m.22 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.9AI score0.01191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.5 views

PT-2022-19205 · Gosecure · Gosecure Titan Inbox Detection & Response

Name of the Vulnerable Software and Affected Versions: GoSecure Titan Inbox Detection & Response IDR versions prior to 2022-04-05 Description: The issue allows for remote code execution due to key reuse. An attacker must craft and sign a serialized payload to exploit this. Recommendations: For...

9.8CVSS9.7AI score0.01191EPSS
Exploits0References3
NVD
NVD
added 2022/08/04 10:15 a.m.22 views

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

9.8CVSS0.01138EPSS
Exploits0References2
OSV
OSV
added 2022/08/04 10:15 a.m.3 views

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

9.8CVSS6.1AI score0.01138EPSS
Exploits0References2
Prion
Prion
added 2022/08/04 10:15 a.m.14 views

Hardcoded credentials

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

7.5CVSS9.7AI score0.01138EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/04 8:58 a.m.2 views

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

9.8CVSS6.1AI score0.01138EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder