34 matches found
EUVD-2021-11623
Malware in sbrugna...
EUVD-2021-11472
Malware in sbrugna...
EUVD-2021-8194
Malicious code in bioql PyPI...
CVE-2021-24711
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
CVE-2021-24560
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-20782
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2023-3937
Snow Software License Manager (web portal) versions 9.0.0–9.30.1 on Windows are affected by a cross-site scripting vulnerability. An authenticated user with high privileges can trigger XSS via the web browser; the issue originates in the web portal and affects the stated versions. Exploitation de...
PT-2023-26536 · Snow · Software License Manager
Name of the Vulnerable Software and Affected Versions: Snow Software license manager versions 8.0.0 through 9.30.1 Description: The issue is related to a blind SQL injection in a service running in the Snow Software license manager. This allows a logged-in user with high privileges to inject SQL...
PT-2023-26898 · Snow · Software License Manager
Name of the Vulnerable Software and Affected Versions: Snow Software License Manager versions 9.0.0 through 9.30.1 Description: The issue is a cross site scripting vulnerability in the web portal of Snow Software License Manager. This allows an authenticated user with high privileges to trigger a...
FlexNet Unauthorized Access Vulnerability
An unauthorized access vulnerability exists in FlexNet 2020 R2.5 and prior versions of FlexNet, a software license manager from Flexera, Inc. of Chicago, USA. An attacker could exploit this vulnerability to modify other restricted files after passing local authentication...
CVE-2021-24711
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
CVE-2021-24711
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
Cross-site request forgery (CSRF)
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
CVE-2021-24711
CVE-2021-24711 affects the Software License Manager WordPress plugin prior to 4.5.1. The root cause is that the del_reistered_domains AJAX action lacks CSRF checks, enabling CSRF attacks that could allow an attacker to delete domains arbitrarily. Documented impact is vulnerable to CSRF with poten...
CVE-2021-24711 Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in the WordPress plugin Software License Manager, which stems from the del_reistered_domains AJAX action of the Software License Manager WordPress plugin prior to 4.5.1 that does n...
CVE-2021-24560
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24560 Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24560
CVE-2021-24560 affects the WordPress plugin Software License Manager up to version 4.4.8. The issue is a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitization/escaping of the edit_record parameter when outputting content in the admin dashboard. Affected component: the p...
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
The del_reistered_domains AJAX action of the plugin does not have any CSRF checks, and is vulnerable to a CSRF attack. PoC: https://example.com/wp-admin/admin-ajax.php?action=delreistereddomain=1...