76 matches found
CVE-2022-41980
Auth. admin+ Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin = 0.13 on WordPress...
Security Bulletin: Tivoli Federated Identity Manager - Unprotected Management Console Servlets (CVE-2012-3315)
Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIM. Content VULNERABILITY DETAILS...
Security Bulletin: Tivoli Federated Identity Manager Business Gateway - Unprotected Management Console Servlets (CVE-2012-3315)
Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager Business Gateway contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIMBG. Content...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Mobile Events Manager prior to 1.4.4. The...
CVE-2022-0182
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Photo Gallery by 10Web plugin before 1.5.68 has a cross-site scripting vulnerability, which stems fro...
The vulnerability lies in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles import/export operations for the WooCommerce Stock Manager plugin. This plugin is a content management system for WordPress websites. An attacker can exploit this vulnerability to perform a CSRF attack.
The vulnerability in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles plugin imports/exports for the WooCommerce Stock Manager content management system for WordPress, relates to unlimited loading of dangerous files. Exploiting this...
The vulnerability of the IcedTea-Web plugin, which stems from insufficient verification of data authenticity, allows a hacker to inject arbitrary code into the JAR file.
The vulnerability of the IcedTea-Web plugin is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the JAR file...
The vulnerability of the IcedTea-Web plugin, related to an incorrect limitation on the path name to the restricted directory, allows a hacker to write arbitrary files to the device’s file system.
The vulnerability of the IcedTea-Web plugin is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system using a specially crafted file in formats: .tar, .jar, .war,...
Sandbox Restrictions Bypass
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-1191)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1191 advisory. 1:1.8.0.171-7.b10 - Bump release number to be greater than RHEL 7.6 package to allow build with .el7 suffix - Resolves: rhbz1559766 1:1.8.0.171-4.b10 -...
java security update
CentOS Errata and Security Advisory CESA-2016:0675. An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
Security Issue with multimedia playback on Mac OSX
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-41124. Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to make...
SUSE-SU-2015:1682-1 Security update for icedtea-web
The Java IcedTea-Web Plugin was updated to 1.6.1, bringing various features, bug fixes and security fixes. Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. Fixed DownloadService comments in...
Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
VideoLAN VLC for OS X Web Plugin Installed (Mac OS X)
Binary data macosxvlcplugininstalled.nbin...
TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload Vulnerability
No description provided by source. File Upload Vulnerability Plugins tinymce http://tinymce.moxiecode.com/pluginsfilemanager.php Author : Hackeri-AL Contact : h-al at hotmail dot it Greetz : LoocK3D &...
Adobe Shockwave Player Memory Corruption Vulnerability (CVE-2014-0505)
Bugtraq ID: 66182 CVE ID: CVE-2014-0505 Adobe Shockwave Player is a plug-in used to play web pages created with Director Shockwave Studio. Adobe Shockwave Player has an unspecified memory corruption vulnerability that allows a remote attacker to construct a malicious file and, by enticing a user to parse it, execute arbitrary code in the context of the application. 0 Adobe Shockwave Player 12.0.9.149 Adobe Shockwave Player 12.0.9.149 has fixed this vulnerability; users are advised to download the update: http://www.adobe.com...