Lucene search
+L

135 matches found

Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.9 views

PT-2023-18340 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos update steps ajax handler, badgeos update award steps ajax handler, badgeos...

4.3CVSS5.4AI score0.00519EPSS
Exploits0References8
OSV
OSV
added 2023/07/01 6:15 a.m.4 views

CVE-2021-4404

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...

4.3CVSS5.6AI score0.0039EPSS
Exploits0References9
Prion
Prion
added 2023/07/01 6:15 a.m.13 views

Cross site request forgery (csrf)

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...

4.3CVSS4.3AI score0.0039EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.10 views

WordPress Plugin Easy Google Maps 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

5.4CVSS6.7AI score0.00282EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/07 12:0 a.m.8 views

PT-2023-20210 · Sourcecodester · Sourcecodester Multi Language Hotel Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Multi Language Hotel Management Software version 1.0 Description: A problematic issue has been found in the software, affecting the file ajax.php of the component POST Parameter Handler. The manipulation of the complaint type...

6.1CVSS6.1AI score0.00549EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.6 views

PT-2022-7110 · Sangoma · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX cdr versions 14.0 through 14.0.5.20 Description: The issue is related to the ajaxHandler function in the ucp/Cdr.class.php file of the FreePBX web interface, which fails to protect against SQL query structure attacks. This can allow a...

9.8CVSS6.8AI score0.00679EPSS
Exploits0References9
NVD
NVD
added 2019/10/03 9:15 p.m.21 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8CVSS8.8AI score0.03126EPSS
Exploits1References2
Prion
Prion
added 2019/10/03 9:15 p.m.23 views

Remote code execution

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

6.5CVSS8.7AI score0.03126EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/10/03 8:2 p.m.26 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8AI score0.03126EPSS
Exploits1References2
CVE
CVE
added 2019/10/03 8:2 p.m.119 views

CVE-2019-15766

CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...

8.8CVSS8.7AI score0.03126EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/11/17 9:29 a.m.4 views

CVE-2017-16870

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraftajaxhandler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...

8.1CVSS5.6AI score0.00957EPSS
Exploits1References1
seebug.org
seebug.org
added 2015/09/02 12:0 a.m.21 views

Drupal up to 7.38 Ajax Handler a Tag cross site scripting

No description provided by source...

7.1AI score
Exploits0
Mageia
Mageia
added 2015/08/27 8:49 p.m.37 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/27 12:0 a.m.5 views

Drupal Ajax Handler and Ctools Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Ajax handler is one of the modules used to handle Ajax requests.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A cross-site scripting...

4.3CVSS7.1AI score0.02689EPSS
Exploits0References1
Prion
Prion
added 2015/08/24 2:59 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...

4.3CVSS6.1AI score0.02689EPSS
Exploits0References15Affected Software3
Rows per page
Query Builder