18 matches found
EUVD-2018-2672
Malware in sbrugna...
ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow unauthenticated attacker to retrieve arbitrary values from the wpoptions table, such as a list of active plugins. PoC List all active plugins of the...
NovaRad NovaPACS Diagnostics Viewer v8.5 OOB XXE File Disclosure
Summary NovaPACS revolutionary workflow infrastructure has been designed and developed using the expertise of radiology directors, technicians, PACS administrators for over 20 years. This wealth of imaging experience has lead to over 850 installations in more than 15 countries as well as key...
CVE-2018-10600
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
CVE-2018-10600
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
Nagios XI SQL Injection (CVE-2018-8734)
An SQL injection vulnerability exists in Nagios XI. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress SP Projects and Document Manager Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress SP Projects and Document Manager Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress Calculated Fields Form Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Calculated Fields Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
Netsweeper Multiple Vulnerabilities (Aug 2015)
Netsweeper is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netsweeper:netsweeper";...
Symantec Endpoint Protection Manager 11.x / 12.x < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007)
The version of Symantec Endpoint Protection Manager SEPM installed on the remote host is prior to 12.1 RU6 MP1. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the password reset functionality that allows a remote attacker, using a crafted password reset action, t...
Etiko CMS Multiple Vulnerabilities
Etiko CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Multi View Event Calendar SQL Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Participants Database Plugin for WordPress 'query' Parameter SQL Injection
The Participants Database Plugin for WordPress installed on the remote host is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input to the 'query' parameter in the pdb-signup script. An unauthenticated, remote attacker can exploit this issue to injec...
Xerox DocuShare SQLi Vulnerability (Apr 2014) - Active Check
Xerox DocuShare is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities
According to its version number, the MantisBT install hosted on the remote web server is 1.1.0 or later but prior to 1.2.16. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting flaw exists with the 'accountsponsorpage.php' where the 'projectid' parameter is not...
WordPress NOSpamPTI 2.1 Blind SQL Injection
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the functions.php to this we alter this function...
LeagueManager Plugin for WordPress 'wp-admin/admin.php' 'league_id' Parameter SQL Injection
The WordPress LeagueManager plugin installed on the remote host is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input to the 'leagueid' parameter of the '/wp-admin/admin.php' script. A remote, unauthenticated attacker can leverage this issue to...
Wordpress Level Four Storefront Plugin SQL Injection Vulnerability
This host is installed with Wordpress Level Four Storefront Plugin and is prone to sql injection vulnerability. OpenVAS Vulnerability Test $Id: gbwordpresslevelfourstorefrontsqlinjvuln.nasl 6115 2017-05-12 09:03:25Z teissa $ Wordpress Level Four Storefront Plugin SQL Injection Vulnerability...