WordPress Icegram Engage plugin < 3.1.32 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions 3.1.32...

Linux Distros Unpatched Vulnerability : CVE-2017-1000480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

CVE-2024-3201

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pplink' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2024-13482

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Icegram Engage 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-12302 Icegram Engage < 3.1.32 - Author+ Stored XSS

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks...

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.32...

PT-2024-24355 · WordPress · Wp Dsgvo Tools

Name of the Vulnerable Software and Affected Versions: WP DSGVO Tools GDPR plugin for WordPress versions up to, and including, 3.1.32 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'pp link' shortcode due to insufficient input sanitization and output escaping on...

GitPython 路径遍历漏洞

GitPython is a Python library open-sourced by gitpython-developers for interacting with Git repositories. A path traversal vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that in order to resolve some git references, GitPython reads the file .git from a...

GitPython 代码问题漏洞

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A code issue vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that an attacker can trick a user into downloading a repository with a malicious git...

GitPython Security Vulnerabilities

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A security vulnerability exists in GitPython versions prior to 3.1.32 that stems from not blocking the unsafe non-multi option in clone and clonefrom...

PT-2023-4724

Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.32 Description The issue is related to errors in processing input data in the GitPython library, which can allow a remote attacker to execute arbitrary code by injecting a specially crafted URL into the clone...

Security fix for the ALT Linux 10 package dotnet-aspnetcore-3.1 version 3.1.32-alt1

3.1.32-alt1 built March 18, 2023 Vitaly Lipatov in task 316692 March 13, 2023 Vitaly Lipatov - ASP.NET Core 3.1.32 - CVE-2022-38013: .NET Denial of Service Vulnerability...

Security Updates for Microsoft ASP.NET Core (December 2022)

A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Note that Nessus has not tested for this issue but has instead relied only on the...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE such that a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Remediation Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x64 to version 3.1.32,...

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...