golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

Online Banquet Booking System 1.0 Cross Site Request Forgery

Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...

Windows IIS HTTP Protocol Stack DOS

This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...

_autoAcceptOffer doesn't check if caller of setBuyPrice owns the NFT

Lines of code Vulnerability details Impact An attacker can create an offer then auto accept that offer for an NFT they don't own. This can happen for any NFT that the contract is approved for, or any NFT left in escrow with no active limitations Proof of concept Alice has an NFT that they either...

aaPanel 6.8.21 - Directory Traversal (Authenticated)

Exploit Title: aaPanel 6.8.21 - Directory Traversal Authenticated Date: 22.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.aapanel.com/ Software Link: https://www.aapanel.com Version: 6.8.21 Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker c...

CVE-2021-24989

Summary (CVE-2021-24989) : The WordPress plugin “Accept Donations with PayPal” is vulnerable in versions prior to 1.3.4 due to missing CSRF protection and inadequate verification that the target post belongs to the plugin. This enables a logged-in admin to delete arbitrary posts via a CSRF abuse ...

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

...

UBUNTU-CVE-2021-45095

pepsockaccept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak...

Linux kernel 信息泄露漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. overlayfs is one of the file systems. A security vulnerability exists in the Linux kernel that stems from a reference count leak in...

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

Free School Management Software 1.0 Cross Site Scripting

Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

PT-2021-5656 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.15.8 Description: The issue is related to a refcount leak in the pep sock accept function in the Linux kernel. This leak is associated with insufficient protection of internal data. Exploitation of this issue m...

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

WordPress Accept Donations with PayPal plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Accept Donations with PayPal plugin has a cross-site scripting vulnerability in versions prior to 1.3.2, which stems...

CVE-2021-24815

The CVE-2021-24815 entry concerns the WordPress plugin “Accept Donations with PayPal” (pre-1.3.2). The vulnerability arises from insufficient escaping of the Amount Menu Name field when creating Buttons, enabling stored Cross-Site Scripting that could be exploited by a high-privilege user. No exp...

WordPress Accept Donations with PayPal plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Accept Donations with PayPal plugin in versions prior to 1.3.1 has a cross-site request forgery...

Cross site scripting

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of t...

CVE-2021-24572

The CVE-2021-24572 entry affects the WordPress plugin Accept Donations with PayPal (versions before 1.3.1). The root cause is a CSRF vulnerability in the donation button management function where posts are used to store buttons, and there is no validation to confirm the target post type when dele...

CVE-2021-24570

The CVE-2021-24570 vulnerability affects the WordPress plugin Accept Donations with PayPal up to version 1.3.1. The issue arises from a missing CSRF check in the process that creates donation buttons (which are stored as posts), enabling an authenticated admin to create new buttons. Additionally,...