170 matches found
WordPress Smash Balloon Social Post Feed plugin <= 4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Smash Balloon Social Post Feed plugin versions = 4.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 4.1.1...
WordPress Smash Balloon Social Post Feed Plugin < 4.0.1 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Smash Balloon Social Post Feed Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. WordPress Smash Balloon Social Post Feed...
CVE-2021-24918
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
CVE-2021-24918
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
CVE-2021-24918
CVE-2021-24918 affects the WordPress plugin Smash Balloon Social Post Feed (versions before 4.0.1). The root cause is missing privilege and nonce validation when saving plugin settings, allowing any logged-in user on a vulnerable site to update settings and store rogue JavaScript on posts and pag...
CVE-2021-24918 Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
WordPress 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. WordPress Smash Balloon Social Post Feed...
PT-2021-16367
Name of the Vulnerable Software and Affected Versions: Smash Balloon Social Post Feed WordPress plugin versions prior to 4.0.1 Description: The issue allows any logged-in user on a vulnerable site to update the plugin's settings without proper privilege or nonce validation. This enables the stora...
Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS
The plugin did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
WordPress Smash Balloon Social Post Feed Plugin < 2.19.2 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24508
The issue CVE-2021-24508 concerns the Smash Balloon Social Post Feed WordPress plugin prior to version 2.19.2. The vulnerability arises because the feed_locator AJAX action does not sanitize or escape the POST parameter feedID, and the truncated value is output in the admin dashboard. This leads ...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Smash Balloon Social Post Feed, which...
WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions = 2.19.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 2.19.2...
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH Synchronized MAny-Sided Hammering, the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM...
CVE-2021-3185
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...
OPENSUSE-SU-2020:2194-1 Security update for minidlna
This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 boo1179447 - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...