120 matches found
CVE-2022-2438 Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
PT-2022-16638 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to and including 3.2.49 Description: The issue allows authenticated attackers with contributor privileges and above to deserialize untrusted input via the filepackage dir parameter. This can...
WordPress plugin Migration, Backup, Staging – WPvivid 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Migration,...
WordPress plugin WordPress Infinite Scroll – Ajax Load More 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...
WordPress plugin String Locator 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2022-16685 · WordPress · Wpvivid
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including 0.9.74 Description: The issue allows deserialization of untrusted input via the path parameter. This enables authenticated attackers with administrative...
PT-2022-16657 · WordPress · Broken Link Checker
Name of the Vulnerable Software and Affected Versions: Broken Link Checker plugin for WordPress versions up to, and including 1.11.16 Description: The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the $log file value. This allows authenticated...
WordPress plugin Download Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress plugin Broken Link Checker 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
Remote code execution
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
CVE-2022-28747 affects GoSecure Titan Inbox Detection & Response (IDR); root cause is key reuse that enables remote code execution. The vulnerability exists in IDR versions prior to 2022-04-05. An attacker can exploit by crafting and signing a serialized payload. Impact is remote code execution w...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
PT-2022-19205 · Gosecure · Gosecure Titan Inbox Detection & Response
Name of the Vulnerable Software and Affected Versions: GoSecure Titan Inbox Detection & Response IDR versions prior to 2022-04-05 Description: The issue allows for remote code execution due to key reuse. An attacker must craft and sign a serialized payload to exploit this. Recommendations: For...
CVE-2022-32965
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...
CVE-2022-32965
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...
Hardcoded credentials
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...
CVE-2022-32965
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...