CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...
CVE-2023-1671
CVE-2023-1671 affects Sophos Web Appliance older than 4.3.10.4, with a pre-auth command-injection in the warn-proceed handler that allows remote code execution. Public analyses and PoCs describe how user-supplied parameters flow to shell commands, enabling arbitrary code execution without authent...
Judging Management System v1.0 - Remote Code Execution Exploit
Exploit Title: Judging Management System v1.0 - Remote Code Execution (RCE) Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...
Judging Management System v1.0 - Remote Code Execution (RCE)
Exploit Title: Judging Management System v1.0 - Remote Code Execution (RCE) Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
CVE-2023-23670
Auth. contributor+ Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions...
CVE-2023-23681
CVE-2023-23681 affects the WordPress plugin Image Hover Effects For WPBakery Page Builder, specifically versions
CVE-2023-23675 WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions...
CVE-2023-23670
CVE-2023-23670 corresponds to an Authenticated Cross-Site Scripting (XSS) vulnerability in the Team Heateor Fancy Comments WordPress plugin (versions
CVE-2022-47607
CVE-2022-47607 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Usersnap plugin, affecting versions
CVE-2022-45355
CVE-2022-45355: Authenticated admin+ SQL Injection in the ThimPress WP Pipes plugin prior to 1.34 (affected versions ≤1.33). Root cause: improper sanitization/escaping of SQL input from the plugin, enabling injection with admin privileges. Impact per sources includes data access/modification via...
CVE-2022-47596
The CVE-2022-47596 entry refers to a Stored Cross-Site Scripting (XSS) vulnerability in the Jeffrey-WP Media Library Categories WordPress plugin, affecting versions <= 2.0.0. Other sources corroborate the admin+ authenticated XSS characterization. If upgrading is not possible, apply available miti...
CVE-2022-47438 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Auth. editor+ Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions...
CVE-2022-47438
CVE-2022-47438 affects the WordPress plugin Booking calendar / Appointment Booking System (WpDevArt) up to version 3.2.3. The root cause is a stored XSS vulnerability in parameters that are not escaped, exploitable by authenticated users with Editor or higher privileges. Impact is described as a ...
CVE-2023-27246
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...
CVE-2023-25704
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...
CVE-2023-25704
CVE-2023-25704 involves a Stored Cross-Site Scripting (XSS) vulnerability in the Mehjabin Orthi Interactive SVG Image Map Builder plugin for WordPress, affecting versions
CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...
CVE-2022-46855
CVE-2022-46855 is a Stored Cross-Site Scripting (XSS) in the WP Darko Responsive Pricing Table plugin, affected versions ≤ 5.1.6. The root cause is insufficient sanitization/escaping of the fields.title parameter, which can allow a contributor (and higher) to inject JavaScript. The vulnerability’...