CVE-2021-47940 WordPress Download From Files 1.48 Arbitrary File Upload

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the...

EUVD-2023-44179

Malicious code in bioql PyPI...

WordPress plugin Stop and Block bots plugin Anti bots 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2023-32790 · Kodbox · Kodbox

Name of the Vulnerable Software and Affected Versions: kalcaddle kodbox versions up to 1.48 Description: A critical issue affects the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. This issue can be exploited...

kodbox command injection vulnerability

kodbox is a network file manager. A command injection vulnerability exists in kodbox version 1.48, which stems from a manipulation of the parameter soffice that results in command injection...

Delta Electronics DVP32ES2 PLC Security Vulnerability

The Delta Electronics DVP32ES2 PLC is a programmable logic controller PLC from Delta Electronics of Taiwan, China. A security vulnerability exists in Delta Electronics DVP32ES2 PLC version 1.48. An attacker could exploit the vulnerability to cause a denial of service on the system...

PT-2023-32115 · Delta Electronics · Dvp32Es2 Plc

Name of the Vulnerable Software and Affected Versions: Delta Electronics DVP32ES2 PLC version 1.48 Description: A critical issue has been found in the Password Transmission Handler component, which can be manipulated to cause denial of service. The exploit for this issue has been disclosed...

CVE-2023-3522

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48...

PT-2023-25195

Name of the Vulnerable Software and Affected Versions a2 License Portal System versions prior to 1.48 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow ...