11 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-11329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entityrestrict parameter that is not a list of integers. CVE-2017-11329...
CVE-2024-13814
The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode...
CVE-2024-13814
CVE-2024-13814 concerns the Global Gallery – WordPress Responsive Gallery plugin. All versions up to and including 9.1.5 are affected due to a flaw that allows values to be passed to do_shortcode without proper validation, enabling arbitrary shortcode execution. An attacker with Subscriber-level ...
WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Global Gallery versions <= 9.1.5...
CVE-2024-39735
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...
PT-2024-27235 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2; Splunk Enterprise versions prior to 9.1.5; Splunk Enterprise versions prior to 9.0.10; Splunk Cloud Platform versions prior to 9.1.2312.200; Splunk Cloud Platform versions prior to 9.1.2308.207...
SQL injection
Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...
Security Bulletin: IBM MQ Appliance is affected by inclusion of sensitive data within trace (CVE-2019-4731)
Summary: IBM MQ Appliance has addressed the following inclusion of sensitive data within trace vulnerability. Vulnerability Details: CVEID: CVE-2019-4731. DESCRIPTION: IBM MQ Appliance could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. CV...
Security Bulletin: IBM MQ and IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2020-4338)
Summary: An incomplete fix for CVE-2019-4719 in IBM MQ and IBM MQ Appliance could still allow attackers to obtain sensitive information. Vulnerability Details: CVEID: CVE-2020-4338. DESCRIPTION: IBM MQ could allow a local attacker to obtain sensitive information by inclusion of sensitive data within...
VMware AirWatch Console 9.1.x < 9.1.5 / 9.2.x < 9.2.2 XSRF
According to its self-reported version, the install of VMware AirWatch Console running on the remote host is 9.1.x prior to 9.1.5 or 9.2.x prior to 9.2.2. It is, therefore, affected by a user-input validation error that allows cross-site request forgery (XSRF) attacks. Note that Nessus has not test...
CVE-2017-11184
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter...