WordPress ProfileGrid plugin <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by WordFence in WordPress Plugin ProfileGrid versions <= 5.9.8.1...
EUVD-2023-34248
Malicious code in bioql PyPI...
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions <= 1.1.0...
CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
GHSA-49JC-R788-3FC9 gix refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement the FINS protocol contain the following security issues --...
Command injection
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
CVE-2022-24905
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign-on (SSO) is enabled. In order to exploit this vulnerability,...
SiPass Integrated Access Control Vulnerability
SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, an affected application does not adequately restrict access to the internal message broker system. An attacker could exploit the vulnerability to subscribe to arbitrary message queues...
Stark Bank data forgery vulnerability
Stark Bank is a banking API for individual developers in Brazil. Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank ecdsa-dotnet suffers from a Data Forgery Issue vulnerability that stems from the...
Unauthorized Printing Of Arbitrary Message
Moodle is vulnerable to unauthorized printing of an arbitrary message to a user. The vulnerability is possible because the application does not check the session key on the return page in the LTI module. A malicious user can pass a malicious string through the URL query string to have it printed...
CVE-2014-8487: Kony EMM Insecure Direct Object Reference
------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...
EduSoho generic online classroom product arbitrary message deletion
Brief description: An online learning site, and it looks pretty good. Details: Recently I have been looking into game development and the like, and was watching open courses on an online classroom. By chance I saw that the administrator had sent me a private message saying the code I wrote had won a prize, which made me very happy. Once the excitement passed, I became interested in the id parameter in the URL. I also noticed that this template looked like a generic one, so I clicked in to take a look. Well, there were the success cases, which saved me a trip to a search engine. Let me copy a few over: 泰课在线 www.taikr.com, 开源力量 www.osforce.cn, 小象学院 www.chinahadoop.cn, 兄弟连云课堂 http://yun.itxdl.cn, 云知梦 http://www.lampym.com, 美课网...
chacmool Private Message System 1.1.3 send.php Arbitrary Message Access
source: http://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. Private Message System 1.1...
WWWBoard arbitrary message overwrite vulnerability
BugCVE: CVE-1999-0930 BUGTRAQ: 1795 wwwboard.pl is a Perl script written by Matt Wright for handling web message boards. The wwwboard.pl script has a problem: when a user submits via form method=POST, it does not check the submitted content. In the input type=hidden name=followup value= field, followup refers to the related previous message; if a malicious user modifies the value of followup, a previously existing post will be overwritten. 2.0 Alpha 2 Matt Wright -----------...
PBLang Bulletin Board System 4.x - 'DelPM.php' Arbitrary Personal Message Deletion
source: https://www.securityfocus.com/bid/12694/info PBLang is reported prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls...
chacmool Private Message System 1.1.3 - 'send.php' Arbitrary Message Access
source: https://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. Private Message System 1.1.3 is reported vulnerable to these...