259 matches found
WordPress plugin WP Maintenance Mode & Site Under Construction Security Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. WP Maintenance Mode & Site Under Construction An...
WordPress plugin Authorization Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. Captchinoo, Google recaptcha for admin login page An...
WordPress plugin Login Protection - Limit Failed Login Attempts Security Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin 2.9 prior to the version Login Protectio...
resource-agents security update
4.1.1-68 - azure-lb: fix redirect issue Resolves: rhbz1850778 4.1.1-67 - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz1846733 4.1.1-65 - azure-events: handle exceptions in urlopen Resolves: rhbz1845574 4.1.1-64 - nfsserver: fix NFSv4-only support - azure-events: new resource...
Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription
During a blog assessment, we identified a CSRF issue in the Woocommerce Subscriptions plugin, which could allow attackers to cancel and re-activate a logged in user's subscription. Even though the wpnonce parameter was needed in the request, its value was not verified, allowing an empty value to ...
CVE-2020-10825
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3)...
CVE-2019-12363
A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate or usercp.php?action=mybb2fa&do=activate. A deactivate operation lowers the...
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
UBUNTU-CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5179
Affected software: Chromium/Google Chrome (browser). Issue: CVE-2018-5179, within the ServiceWorker implementation, where the update() path could run indefinitely due to insufficient limits. Cause: described as an error in the ServiceWorker component; multiple vendor advisories map this CVE to pr...
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
River Past Ringtone Converter 2.7.6.1601 - Denial of Service PoC Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested...
chromium-browser: Lack of limits on update() in ServiceWorker
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
Unspecified vulnerability in Joomla! (CNVD-2020-12784)
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. An unspecified vulnerability exists in Joomla! An attacker can exploit the vulnerability to activate their email account...
Mgetty Command Injection Vulnerability (CNVD-2019-03439)
Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...
DEBIAN-CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function doactivate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or characters within a file created by the "faxq-helper activate " command...