Chitor-CMS 1.1.2 SQL Injection
#!/usr/bin/python3 # Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection # Date: 2023/04/13 # Exploit Author: msd0pe # Project: https://github.com/waqaskanju/Chitor-CMS # My Github: https://github.com/msd0pe-1 # Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
#!/usr/bin/python3 # Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection # Date: 2023/04/13 # Exploit Author: msd0pe # Project: https://github.com/waqaskanju/Chitor-CMS # My Github: https://github.com/msd0pe-1 # Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...
CVE-2022-44632
CVE-2022-44632 affects the WordPress plugin Denis Buka Content Repeater – Custom Posts Simplified (components: WordPress plugin; vulnerable versions: ≤ 1.1.13). The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. The root cause is no...
CVE-2022-45839
CVE-2022-45839 refers to a stored cross-site scripting (XSS) vulnerability in the WordPress plugin WHA Puzzle (versions ≤ 1.0.9). The issue arises in the plugin’s authentication flow, enabling an attacker with access to the authoring context to inject and store XSS payloads. Multiple sources corr...
Exploit for SQL Injection in Waqaskanju Chitor-Cms
CVE-2023-31714 - Chitor-CMS Found by msd0pe https://github.com/...
Cross site scripting
Auth. subscriber+ Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions...
CVE-2022-45849
CVE-2022-45849 affects the WordPress Activello theme (versions
CVE-2022-43458
CVE-2022-43458 affects Code Tides Advanced Floating Content plugin (versions ≤ 1.2.1). The issue is a Cross-Site Scripting (XSS) vulnerability exploitable by users with contributor or higher permissions. Root cause details are not specified beyond the XSS exposure. Mitigation: update to a version...
SUSE-SU-2023:1849-1 Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073)...
SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url using tab character (bsc#1206441). - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073)...
CVE-2022-45358 WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Auth. subscriber+ Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions...
CVE-2022-45358
CVE-2022-45358 affects the Silkalns Activello WordPress theme, versions <= 1.4.4. There is no explicit information in the provided documents about available in-the-wild exploits beyond the described vulnerability context.
CVE-2022-47605
CVE-2022-47605 concerns the WordPress plugin Custom 404 Pro by Kunal Nagar. A SQL Injection vulnerability affects versions
Web Stories < 1.32 - Author+ Auth Bypass
The plugin does not check password protections on posts before performing some actions, allowing users with the Author role or higher to perform unauthorized actions on posts. The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password...
CVE-2023-29005 No Rate Limiting on Login AUTH DB
Flask-AppBuilder versions before 4.3.0 lack rate limiting, which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT...
GHSA-9HCR-9HCV-X6PV Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Impact: Lack of rate limiting will allow an attacker to brute-force user credentials. Patches: Ability to enable rate limiting on Flask-AppBuilder >= 4.3.0. Use AUTH_RATE_LIMITED = True and RATELIMIT_ENABLED = True; set the limit itself by using AUTH_RATE_LIMIT. Will apply only to database authentication...
CVE-2023-23799
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions...
CVE-2023-27620
CVE-2023-27620: Stored XSS in RoboSoft Photo Gallery, Images, Slider (Rbs Image Gallery) plugin for WordPress prior to version 3.2.13. Root cause: shortcode-based input handling allows injection. Affected: Robo Gallery plugin
CVE-2023-25442 WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions...
CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions...