78 matches found
CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...
CVE-2023-22451 Weak password requirements in Kiwi TCMS
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...
CVE-2023-22451 Weak password requirements in Kiwi TCMS
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...
PT-2022-26422 · WordPress · Wp Google Review Slider
Name of the Vulnerable Software and Affected Versions: WP Google Review Slider WordPress plugin versions prior to 11.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
Low: Red Hat Bug Fix Advisory: redhat-ds:11 bug fix and enhancement update
An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP server, as well as command-line utilities and Web UI...
WordPress Yoast SEO Plugin 1.2.0 < 11.6 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
EUVD-2022-35838
A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...
PT-2022-21447 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: An information disclosure issue exists in the aVideoEncoderReceiveImage functionality. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger th...
PT-2022-22271 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 11.6 WWBN AVideo dev master commit 3f7c0364 Description: A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the...
PT-2022-20200 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A privilege escalation issue exists in the session id functionality. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP...
PT-2022-20234 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting issue exists in the image403 functionality. This allows an attacker to execute arbitrary Javascript code through a specially-crafted HTTP request. An attacker can exploit this by...
PT-2022-21710 · Unknown +1 · Wwbn Avideo +1
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the title parameter in a specially-crafte...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A SQL injection vulnerability exists in WWBN AVideo version 11.6. An attacker exploits this vulnerability to cause SQL injection via a specially crafted HTTP request...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from an information disclosure vulnerability in the chunkFile function. An attacker can exploit this vulnerability to cause an arbitrary file to be rea...
PT-2022-21452 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364 Description: A cross-site scripting xss vulnerability exists in the footer alerts functionality. This issue allows for arbitrary Javascript execution through a specially-crafted HTTP...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6, which stems from a specially crafted HTTP request that could lead to arbitrary Javascript execution...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. An authorization issue vulnerability exists in WWBN AVideo version 11.6. An attacker could exploit this vulnerability to escalate privileges via a specially crafted HTTP request...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo version 11.6 suffers from a SQL injection vulnerability that stems from a sql injection vulnerability in the ObjectYPT function. An attacker can use this vulnerability to cause an sql injection via a specially...