13470 matches found
ZTE ZXA10 C3XX Access Control Error Vulnerability
ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation (ZTE). An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...
Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability
Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...
WordPress All-In-One Security (AIOS) - Security and Firewall plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress All-In-One Security (AIOS) - Security and Firewall plugin version 5.1.0 and earlier is vulnerable to...
NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
CVE-2022-41924
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...
Cross-site scripting
Description: memos allows users to upload a file and make it public to others. But if the file is HTML with the below content, an XSS attack can happen. Proof of Concept: // PoC.js alert("warning");...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. The vulnerability exists during the node transaction, which allows an attacker to cause an application crash by creating an arbitrary number of nodes...
CVE-2020-23585
A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which an attacker can create a crafted "csrf for...
WordPress WPML Multilingual CMS premium plugin access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPML Multilingual CMS premium plugin 4.5.10 and earlier versions are vulnerable to an acces...
WordPress Spacer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Spacer version 3.0.7 or earlier has a cross-site scripting vulnerability that can be...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Booster for WooCommerce plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Easy Digital Downloads plugin CSV Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
WordPress Mantenimiento Web Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Mantenimiento Web 0.13 and earlier versions are vulnerable to cross-site request forgery,...
Dolibarr SQL Injection Vulnerability
Dolibarr is a software application. It can help you manage the activities of your organization. An SQL injection vulnerability exists in dolibarrerp/crm 16.0.1, version 16.0.2, which stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the...
WBCE CMS Results Footer Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and earlier versions. The vulnerability stems from the Results Footer field of the Search Settings module, where user-supplied data lacks effective...
WordPress Permalink Manager Lite has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
WordPress Booster for WooCommerce plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Unspecified Vulnerability in WordPress Appointment Hour Booking plugin
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15777)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by attackers to launch a program crash attack...