18 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject...
PT-2025-33883
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A security flaw has been discovered in SolidInvoice. The impacted element is an unknown function within the /clients file of the Clients Module. Manipulation of the Name argument results in...
CVE-2024-13118
The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users delete all logs via a CSRF attack...
Cockpit Security Vulnerability
Cockpit is an open source interactive server management interface. A security vulnerability exists in Cockpit versions prior to 2.4.1 that stems from vulnerability to arbitrary file uploads, allowing an attacker to bypass upload filters...
Cockpit Code Issue Vulnerability
Cockpit is an interactive server management interface. A code issue vulnerability exists in versions prior to Cockpit 2.4.1 that stems from a lack of extension checking during file uploads. An attacker can exploit this vulnerability to execute malicious code on the server...
PT-2023-16885 · Cockpit Hq · Cockpit
Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.4.1 Description: The issue concerns an unrestricted upload of files with dangerous types. There is no information provided about the estimated number of potentially affected devices worldwide or details...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...
FreeRDP Buffer Error Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer error vulnerability exists in versions prior to FreeRDP 2.4.1, which stems from the program's inability to validate input data, and a malicious gateway could allow out-of-bounds writes to...
SOGo Data Forgery Vulnerability
SOGo is a very fast and scalable modern collaboration suite. It provides calendaring, address book management and a full-featured Webmail client, as well as resource sharing and permission handling. A security vulnerability exists in SOGo that stems from the fact that when the program's SAML is t...
PT-2020-6865 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.1 Description: A remote code execution issue occurs due to command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory, which is then executed via the...
PT-2020-10464 · Apache +5 · Mod Auth Openidc +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.1 Description: A flaw exists in the handling of URLs with a slash and backslash at the beginning, leading to an open redirect issue. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 ...
Rukovoditel Project Management CRM Cross-Site Scripting Vulnerability
Rukovoditel Project Management CRM is a Web-based open source project management software. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in Rukovoditel Project Management CRM versions prior to 2.4.1. The...
CVE-2018-8729
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...
WonderCMS Arbitrary File Deletion Vulnerability
WonderCMS is an open source, fast, small and simple flat file CMS. An arbitrary file deletion vulnerability exists in index.php in WonderCMS versions prior to 2.4.1. A remote attacker can exploit this vulnerability to delete arbitrary files via directory traversal...
Ansible Information Disclosure Vulnerability
Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage and orchestrate computer systems. An information disclosure vulnerability exists in Ansible version 2.3.x and version 2.4.x prior to 2.4.1. A remote attacker can exploit this vulnerability to...
Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2017-06734)
Exponent CMS is a free, open source, modular PHP-based content management system (CMS). The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. A cross-site scripting vulnerability exists in the...
CVE-2011-5287
Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesksettingstmptitle or (2) hesklangENCODING parameter to inc/header.inc.php; the hesklangattempt parameter to (3) inc/assignmentsearch.inc.php, (4)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesksettingstmptitle or (2) hesklangENCODING parameter to inc/header.inc.php; the hesklangattempt parameter to (3) inc/assignmentsearch.inc.php, (4)...