837 matches found
CVE-2022-1166
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
Design/Logic Flaw
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
CVE-2022-1166 JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
CVE-2022-1166
The CVE-2022-1166 issue affects the WordPress JobMonster Theme. The root cause is directory listing in the /wp-content/uploads/jobmonster/ folder due to the absence of a default PHP file or .htaccess file, which could expose personal data such as resumes. Public details in connected sources confirm the vu...
CVE-2021-37208
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...
Cross site scripting
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...
What steps are needed to configure new StoreFront servers with an existing Gateway and Store URL
The objective of this article is to provide the recommended high-level steps to configure two new StoreFront servers to work with an existing Gateway virtual server that uses a URL created with an old set of StoreFront servers...
CVE-2021-46393
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10CN. The v10 variable is directly retrieved from the HTTP request parameter startIp. Then v10 will be spliced onto the stack by the function sscanf without any security check, which causes stack...
Reolink RLC-410W Information Disclosure Vulnerability
Reolink RLC-410W is a Wi-Fi security camera from Reolink China. Reolink RLC-410W in v3.0.0.13620121102 is vulnerable to information disclosure, which stems from web server configuration errors. An attacker could use this vulnerability to obtain sensitive information...
CVE-2021-44682
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44679
The CVE-2021-44679 issue affects Veritas Enterprise Vault (up to version 14.1.2). The vulnerability arises during startup when Enterprise Vault launches multiple services that listen on random .NET Remoting TCP ports and on local IPC channels. The underlying problem is deserialization of untruste...
Improper file handling in concrete5/core
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored ...
Redis Labs Redis Cross-Site Scripting Vulnerability
Redis Labs Redis is an open source, network-enabled, memory-based key-value storage database with persistent logging, written in ANSI C, from Redis Labs, Inc., that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...
CVE-2020-28968
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field...
Cross site scripting
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field...
Draytek VigorAP 1000C Cross-Site Scripting Vulnerability
DrayTek Corporation Draytek VigorAP is a wireless access point from DrayTek Corporation. The Draytek VigorAP 1000C suffers from a cross-site scripting vulnerability that stems from the software's lack of effective filtering and validation of user uploaded parameters in the RADIUS Settings - RADIU...
Twitch data breach resulted from server configuration error
By Deeba Ahmed. The Twitch data breach took place a couple of days ago when an anonymous hacker published a torrent file with 125 GB worth of data on the 4chan messaging board. This is a post from HackRead.com.
CVE-2021-41385
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...