309 matches found
kubevirt-csi: PersistentVolume allows access to HCP's root node
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...
CVE-2023-6742 Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...
CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
CVE-2023-4999 Horizontal scrolling announcement <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2023-5135 Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-1888
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset th...
Access to all file-versions of a user as soon as he has one share with the attacker – ownCloud
------- An authenticated attacker can access all versions of all files even unshared as soon as the owner of said files has at least one outgoing share with the attacker. To attacker needs to guess a file-id which is numeric and sequential. Affected ----- - owncloud/core = v10.0.9 - owncloud/core...
MGASA-2017-0145 Updated samba packages fix security vulnerability
A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...
CVE-2016-9461
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to...