82 matches found
WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection
Software BetterLinks Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51672 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 159a4550c364 Credits Marek Mikita Required privilege Administrator Publish...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.13.10 is vulnerable to Arbitrary File Upload
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.13.10 Fixed in 2.13.11 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-47319 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 4ad1bd9ca230 Credits Certus Cybersecurity...
DEBIAN-CVE-2024-43359
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61...
WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)
Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30461 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98402ce486d0 Credits Majed...
CVE-2023-41292
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Edit Username Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3874545cb784 Credits Jeongwoo-LeeRoronoa Required privileg...
Denial of service
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10...
CVE-2023-30362
Buffer Overflow vulnerability in coapsend function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu...
SUSE CVE-2016-1000030
Pidgin version 2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutlsx509crtinit and gnutlsx509crtimport that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client...
SUSE CVE-2021-32627
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...
Design/Logic Flaw
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to...
CVE-2021-27102
Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
rubygems: Path traversal when writing to a symlinked basedir outside of the root
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2019-13627
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7...
Debian: Security Advisory (DLA-1568-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-14773: Remove support for legacy and risky HTTP headers
Affected versions Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component are affected by this security issue. The issue has been fixed in Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and...
nulca.com.au XSS vulnerability
Open Bug Bounty ID: OBB-501219 Description| Value ---|--- Affected Website:| nulca.com.au Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based ...
[SECURITY] [DSA 3282-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3282-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez June 08, 2015 http://www.debian.org/security/faq -...
vsftpd 2.3.2 - Denial of Service
include include include include include include include / This is code of http://cxib.net/stuff/vspoc232.c PoC CVE-2011-0762 vsftpd Remote Denial of Service Affected: 2.3.2 Fix: 2.3.4 Author: Maksymilian Arciemowicz Use: ./vspoc232 127.0.0.1 21 user pass 1 or read...
DSA-1628-1 pdns - DNS spoofing
Bulletin has no description...