8 matches found
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability
Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
CVE-2003-1281
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files...
CVE-2021-23283
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
CVE-2021-23283 Security issues in Eaton Intelligent Power Protector (IPP)
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
Intelligent Power Protector Cross-Site Scripting Vulnerability
Intelligent Power Protector is intelligent power software. A cross-site scripting vulnerability exists in Eaton Intelligent Power Protector IPP prior to version 1.69, which stems from insufficient validation of user input and improper encoding of output for certain resources in the IPP software...
Eaton Intelligent Power Manager Remote Code Execution Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A remote code execution vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, whi...
CVE-2021-23276
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the database...
Debian DLA-1284-1 : leptonlib security update
Talosintelligence discovered a command injection vulnerability in the gplotMakeOutput function of leptonlib. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that...