537 matches found
Keynote Cross-Site Scripting Vulnerability
Keynote is a flexible Rails presenter by the individual developer Ryan Fitzgerald. A cross-site scripting vulnerability exists in Keynote version 0.x and prior versions, which stems from incorrect handling of a parameter value leading to cross-site scripting...
AeroCMS Path Traversal Vulnerability
AeroCMS is a content management system from AeroCMS Inc. in the United States. AeroCMS v0.0.1 is vulnerable to directory traversal attacks, which attackers can exploit to obtain sensitive information...
py7zr Path Traversal Vulnerability
py7zr is a library and utility program, written in Python, by the individual developer Hiroshi Miura. It supports compression, decompression, encryption and decryption of 7zip archives. A security vulnerability exists in py7zr v0.20.0 and earlier versions. An attack...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to perform SQL injection and access database information. No detailed...
WordPress plugin Mantenimiento Web Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin. WordPress Mantenimiento Web 0.13 and earlier versions are vulnerable to cross-site request forgery,...
CVE-2022-44051
The d8s-stats package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-math package. The affected version of d8s-htm is 0.1.0...
PT-2022-27091 · Pypi · D8S-Networking +2
Name of the Vulnerable Software and Affected Versions: d8s-networking version 0.1.0; d8s-htm version 0.1.0. Description: The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by thi...
CVE-2022-38075
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress...
PT-2022-20682 · WordPress · Search Logger
Name of the Vulnerable Software and Affected Versions: Search Logger WordPress plugin versions 0.9 and earlier. Description: The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be...
PYSEC-2022-43040
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
PYSEC-2022-43022
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...
PYSEC-2022-43030
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43019
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
PT-2022-25833 · Pypi · Democritus-File-System +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0. Description: The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. Recommendations: For...
wasm3 Buffer Error Vulnerability
wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A buffer error vulnerability exists in wasm3 version v0.5.0, which stems from the opSelecti32sr component containing a segmentation error...
CVE-2022-40430
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
CVE-2022-38882
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PYSEC-2022-43076
The d8s-grammars package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
CVE-2022-40808
The d8s-dates package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
PT-2022-37368 · Pypi · D8S-Dates +1
Name of the Vulnerable Software and Affected Versions: d8s-dates version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-dates package for Python, distributed on PyPI. The backdoor is related to the democritus-hypothesis package. Recommendations:...