Unsafe YAML deserialization in opensearch-ruby
Impact: opensearch-ruby 2.0.0 deserializes responses of type YAML with YAML.load, which can lead to unsafe deserialization. Patches: The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds: No viable workaround. Please upgrade to 2.0.2...
CVE-2022-1820
The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
DEBIAN-CVE-2022-1650
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...
UBUNTU-CVE-2022-1650
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...
PT-2022-3410 · Unknown +5 · Eventsource +5
Name of the Vulnerable Software and Affected Versions: eventsource/eventsource versions prior to 2.0.2 Description: The issue is related to insufficient protection of sensitive data, allowing a remote attacker to gain unauthorized access to protected information. This is due to the improper remov...
TRENDnet TI-PG Series Input Validation Error Vulnerability
The TRENDnet TI-PG Series is a series of switches from TRENDnet. A security vulnerability exists in TRENDnet TI-PG1284i versions prior to 2.0.2.S0, no details of the vulnerability are provided at this time...
Beego Link Following Vulnerability
Beego is an open source web framework based on the Go language. A link following vulnerability in the function GetCPUProfile in the file profile.go in Beego 2.0.2 and earlier versions allows attackers to locally launch a symbolic link attack...
PT-2022-11720 · Unknown · Chikitsa Patient Management
Name of the Vulnerable Software and Affected Versions: Chikitsa Patient Management Software version 2.0.2 Description: A Cross Site Scripting (XSS) issue exists in the first name parameter in several pages, including "patient/insert", "patient report", "appointment report", "visit report", and "bil...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview: git-pull-or-clone is a package that ensures a git repo exists on disk and that it's up-to-date. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to the use of the --upload-pack feature of git, which is also supporte...
WordPress 404 to 301 2.0.2 Plugin - SQL Injection (Authenticated) Exploit
Exploit Title: WordPress Plugin 404 to 301 2.0.2 - SQL Injection (Authenticated) Exploit. Author: Ron Jost (Hacker5preme). Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on: Ubuntu 20.04 CV...
PT-2022-9381 · Unknown · Php Everywhere
Name of the Vulnerable Software and Affected Versions: PHP Everywhere plugin versions = 2.0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application...
WordPress Plugin PHP Everywhere Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. PHP Everywhere is a WordPress plugin. A cross-site request forgery vulnerability exists in the WordPress Plugin PHP...
CVE-2021-37572
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization...
CVE-2021-37571
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...
Chikitsa Patient Management System 2.0.2 Backup Remote Code Execution
Exploit Title: Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE, Authenticated). Date: 03/12/2021. Exploit Author: 0z09e (https://twitter.com/0z09e). Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
Chikitsa Patient Management System 2.0.2 - (backup) Remote Code Execution Exploit
Exploit Title: Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE, Authenticated) Exploit. Author: 0z09e (https://twitter.com/0z09e). Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
PYSEC-2021-433
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a ../ substring in a ListBucketResult element...
S3Scanner Path Traversal Vulnerability
S3Scanner is an open source tool for finding open S3 storage buckets and dumping their contents by Dan Salmon, an individual developer in the United States. S3Scanner prior to version 2.0.2 suffers from a path traversal vulnerability that stems from a failure of a networked system or product to...
Security Bulletin: IBM Security Privileged Identity Manager vulnerable to local command execution vulnerability (CVE-2020-15862)
Summary: IBM Security Privileged Identity Manager has addressed the following vulnerability in the Net-SNMP component it uses. Vulnerability Details: CVEID: CVE-2020-15862 DESCRIPTION: Net-SNMP could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper...