163 matches found
CVE-2020-13641
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
CVE-2020-13641
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
Design/Logic Flaw
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
WordPress Plugin Bug Opens 100K Websites to Compromise
A high-severity cross-site request forgery CSRF vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email...
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email. PoC...
The FCC's Push to Purge Huawei From US Networks
The rural carriers who rely on Huawei are wary of a costly “rip and replace” effort...
Description of the security update for Excel 2016: December 10, 2019
Description of the security update for Excel 2016: December 10, 2019 Summary This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common...
Design/Logic Flaw
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
Three Common Questions (and Answers) About Next-Gen AV
Most organizations with traditional, or legacy, antivirus AV solutions are well aware that they are no longer protected from the more advanced tactics and threats of attackers today. Signatures just can’t keep up with emerging threats. But that doesn’t mean that everyone is ready to dive head fir...
Real Time Find and Replace <= 3.8 - Cross-Site Scripting (XSS)
The Real-Time Find and Replace WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
phpMyAdmin 4.0.10.x < 4.0.10.16 / 4.4.15.x < 4.4.15.7 / 4.6.x < 4.6.3 Multiple Vulnerabilities
Binary data 9400.prm...
DEBIAN-CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
UBUNTU-CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
PHPnuke 8.2 - Remote Upload File Exploit
Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...
Linksys Multiple Vulnerabilities (OF, DoS, more)
The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. CVE-2005-2916 - Download and replace the configuration of affected routers via a...
Funduc Search and Replace Compressed File Local BoF Exploit
Exploit for unknown platform in category local exploits =========================================================== Funduc Search and Replace Compressed File Local BoF Exploit =========================================================== / Search and Replace Compressed File search Local Buffer...