18 matches found
GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...
OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...
CVE-2026-31817
OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...
CVE-2026-31817 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the KillAction function. An attacker can terminate active jobs initiated by legitimate users by directly invoking the KillAction endpoint without authentication, even when guest login is required. This can...
Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb
SpringData - SpEL RCE Exploit - CVE-2022-22980 Exploit pour l...
CVE-2018-10189
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...
EUVD-2016-7463
Malware in sbrugna...
CVE-2024-1584
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible f...
CVE-2024-1584
CVE-2024-1584 affects Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy). The issue is a missing capability check in wpa_check_authentication across all versions up to 5.2.1, enabling unauthorized modification of the site’s Google Analytics tracking ID by unauthenticat...
WordPress Analytify plugin <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification vulnerability
Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification vulnerability discovered by Francesco Carlucci in WordPress Plugin Analytify versions = 5.2.3...
Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
Description The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the...
CVE-2023-5818
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-5818
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
Cross site request forgery (csrf)
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2022-41055
creationtimestamp | type | source
---|---|---
2022-11-10 00:36:20+00:00 | seen | https://t.me/cibsecurity/52725
2026-04-11 09:00:04+00:00 | published-proof-of-concept | Telegram/hHunREvgbrtaiowp0SSSQRV55NXHdmYyGGeQLtI5iwbwo...
IBM BlueMix Cloud Script Insertion
Document Title: IBM BlueMix Cloud - API Persistent Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1846; IBM Security Tracking ID: 5377-12593283; Release Date: 2016-07-04; Vulnerability Laboratory ID (VL-ID):...
Splunk 4.x Denial Of Service
Splunk versions 4.0 through 4.3.4 suffer from an unauthenticated remote denial of service vulnerability against splunkd. Vendors: Splunk Inc., http://www.splunk.com Product: Splunk 4.0 - 4.3.4 Vulnerability: Unauthenticated remote denial of service against splunkd Tracking IDs: SPL-55521 Vendor...