7 matches found
Wordpress Plugin BestWebSoft Job Board 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
Surpass 路径遍历漏洞
Surpass is a PHP package developed primarily for Laravel by the individual developer Sukohi Kuhoh. It is used to manage uploading images and displaying thumbnails using Ajax. A path traversal vulnerability exists in Surpass versions prior to 1.0.0, which stems from unknown code in the file...
Appwrite 跨站脚本漏洞
Appwrite is Appwrite open source an end-to-end backend server . Used to package into a set of Docker microservices for web, mobile, native or backend applications . A cross-site scripting vulnerability exists in versions prior to Appwrite 1.0.0-RC1. No information about this vulnerability is...
PT-2022-18280
Name of the Vulnerable Software and Affected Versions CVRF-CSAF-Converter versions prior to 1.0.0-rc2 Description The issue allows for the inclusion of arbitrary local file content into the generated output document due to XML External Entities XXE. This can be exploited by an attacker to disclos...
ws module remote memory leak vulnerability
The ws module is a Node.js WebSocket server implementation. A security vulnerability exists in the ping function in versions of the ws module prior to 1.0.0. An attacker can exploit this vulnerability to cause ws to send the contents of a buffer that has been allocated for use to the server,...
librsync Limit Bypass Vulnerability
librsync is a free software library developed by software developer Martin Pool that implements the rsync remote-delta algorithm which enables fast and instantaneous updating of remote files over a network. A security restriction bypass vulnerability exists in versions of librsync prior to 1.0.0...
Sql injection
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter...