2434 matches found
CVE-2022-2369
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin...
PT-2022-14183 · WordPress · Copyrightpro
Name of the Vulnerable Software and Affected Versions: Copyright Proof WordPress plugin versions 4.16 and earlier Description: The issue concerns a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being output via an AJAX action...
automattic/mongoose vulnerable to Prototype pollution via Schema.path
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification...
PT-2022-13289 · WordPress · The Professional Social Sharing Buttons
Name of the Vulnerable Software and Affected Versions: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6 Description: The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to...
CVE-2022-1937
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
WordPress plugin Awin Data Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
rpc.py 代码问题漏洞
rpc.py is a fast and powerful ASGI/WSGI-based RPC framework for individual developers in Aber, China. A security vulnerability exists in rpc.py version 0.6.0 and earlier. An attacker exploited the vulnerability to process data using unpickle...
GHSA-CJ7V-27PG-WF7Q Jetty invalid URI parsing may produce invalid HttpURI.authority
Description URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URIs of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...
Symantec Advanced Secure Gateway 环境问题漏洞
Symantec Advanced Secure Gateway ASG is a security gateway appliance from Symantec Corporation. An environmental issue vulnerability exists in Symantec Advanced Secure Gateway ASG and ProxySG that stems from susceptibility to an HTTP asynchronous vulnerability. An attacker could exploit the...
WordPress plugin Gallery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Aiodnsbrute - DNS Asynchronous Brute Force Utility
A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It's fast. Benchmarks on small VPS hosts put around 100k DNS resoultions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid...
GSD-2022-1004023 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.282 by commit...
GSD-2022-1003930 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.246 by commit...
GSD-2022-1003659 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.120 by commit...
GSD-2022-1003451 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.45 by commit...
GSD-2022-1003184 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.13 by commit...
GSD-2022-1002867 zsmalloc: fix races between asynchronous zspage free and page migration
zsmalloc: fix races between asynchronous zspage free and page migration This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.2 by commit...
CVE-2022-1903
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...
The vulnerability of the asynchronous input/output interface io_uring in Linux kernel allows a attacker to prematurely terminate the process or gain elevated privileges.
The vulnerability of the asynchronous input/output interface iouring in Linux operating systems is related to data type mixing errors. Exploiting this vulnerability can allow an attacker to abruptly terminate the process or gain increased privileges...
CVE-2022-1905
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...