6612 matches found
CVE-2022-41791
The CVE-2022-41791 entry concerns an authenticated CSV Injection vulnerability in the WordPress ProfileGrid plugin, affecting versions up to 5.1.6. The vulnerability is tied to ProfileGrid’s handling of CSV uploads/exports, with an impact that, per connected reports, can enable change-authorizati...
CVE-2022-41791 WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress...
CVE-2021-36905
The CVE-2021-36905 entry describes a stored XSS vulnerability in the WordPress Quiz And Survey Master plugin (versions
CVE-2021-36905 WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress...
WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress ProfileGrid plugin (versions <= 5.1.6). Solution: Update the WordPress ProfileGrid plugin to the latest available version (at least 5.1.8)...
CVE-2022-36786
DLINK DSL-224 router (firmware 3.0.8) is affected by a post-auth command injection via the NTP configuration interface exposed through a jsonrpc API. The underlying issue allows commands to run with ROOT privileges on the device, per multiple sources. Practical impact includes full device comprom...
WordPress Export Users With Meta plugin <= 0.6.8 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress Export Users With Meta plugin (versions <= 0.6.8). Solution: No patched version is available. This plugin has been closed as of November 14, 2022 and is not available for download. This closure is temporary,...
Rocky Linux 8 : dovecot (RLSA-2022:7623)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7623 advisory. - An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args...
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load)...
CVE-2022-45384
CVE-2022-45384 affects the Jenkins Reverse Proxy Auth Plugin. Versions 1.7.3 and earlier store the LDAP manager password unencrypted in the Jenkins controller’s global config.xml, enabling access by anyone with filesystem access to the controller. The vulnerability is triggered by plaintext stora...
PT-2022-27486 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier. Description: The issue allows attackers with access to the Jenkins controller file system to view the LDAP manager password, which is stored unencrypted in the global config.xml fil...
CVE-2022-43686
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load)...
PortlandLabs Concrete CMS Resource Management Error Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS (formerly concrete5) versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...
Citrix Addresses Auth Bypass Flaws Affecting ADC and Gateway Products
Threat Level Vulnerability Report. Summary: Citrix has addressed bugs in Citrix ADC and Citrix Gateway. A remote intruder could exploit either of these flaws to obtain control of a susceptible system. To successfully exploit the vulnerabili...