19 matches found
WordPress User Registration Advanced Fields plugin <= 1.6.20 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin User Registration Advanced Fields versions <= 1.6.20...
CVE-2026-4882
The CVE concerns the WordPress plugin “User Registration Advanced Fields” (URAF). Vulnerable code path: URAF_AJAX::method_upload, with missing file type validation, across all versions up to and including 1.6.20. This permits unauthenticated attackers to upload arbitrary files on the affected sit...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
Divxtodvd Easy Video to iPod Converter buffer error vulnerability
Divxtodvd Easy Video to iPod Converter is a software tool developed by the Thai company Divxtodvd, designed for converting video formats and adapting them for playback on iPod devices. Version 1.6.20 of Easy Video to iPod Converter contains a buffer overflow vulnerability, which stems from...
CVE-2024-47360
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20...
WordPress plugin BA Book Everything cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress BA Book Everything plugin <= 1.6.20 - Unauthenticated Arbitrary User Password Reset vulnerability
Unauthenticated Arbitrary User Password Reset vulnerability discovered by wesley wcraft in WordPress Plugin BA Book Everything versions <= 1.6.20...
WordPress BA Book Everything plugin <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover vulnerability
Cross-Site Request Forgery to Email Address Update/Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin BA Book Everything versions <= 1.6.20...
WordPress plugin BA Book Everything cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-39258 · WordPress · Ba Book Everything
Name of the Vulnerable Software and Affected Versions: BA Book Everything plugin for WordPress versions up to, and including, 1.6.20. Description: The issue allows unauthenticated attackers to reset any user's passwords, including administrators, due to the reset user password function not verifyi...
WordPress plugin BA Book Everything security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-23440 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier. Description: A Missing Authorization issue has been identified. This issue allows unauthorized access. The estimated number of potentially affected devices is not specified. Recommendations: For weForms...
PT-2024-24630 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier. Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in weForms, which allows the removal of important client functionality. Recommendations: For weForms...
WordPress plugin weForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-25026 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.20; Nautobot versions prior to 2.2.3. Description: A Reflected Cross-Site Scripting (Reflected XSS) attack can be executed against users due to improper handling and escaping of user-provided query parameters in...
Debian DSA-4067-1 : openafs - security update
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Code injection
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...
Updated openafs packages fix security vulnerability
Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is...
PT-2016-2468 · Png Development +1 · Libpng +1
Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.6.20; Android versions prior to 4.4.4; Android 5.0.x versions prior to 5.0.2; Android 5.1.x versions prior to 5.1.1; Android 6.x versions prior to 2016-07-01. Description: The issue is related to errors in the libpng...