11 matches found
CVE-2020-36875
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
PT-2026-1686
Name of the Vulnerable Software and Affected Versions: AccessAlly versions prior to 3.3.2 Description: The AccessAlly WordPress plugin contains a flaw where the login error parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the...
ChanCMS /cms/article/update file SQL injection vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...
CVE-2019-15502
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 FIRST STRONG ISOLATE and U+2067 RIGHT-TO-LEFT ISOLATE...
SUSE CVE-2020-36242
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class...
PT-2022-16877 · Statamic · Statamic
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.2.39 Statamic versions prior to 3.3.2 Description: The issue allows an attacker to confirm a single character of a user's password hash using a specially crafted regular expression filter in the "users" endpoint o...
PT-2020-14257 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: The issue arises from improper sanitization of plugin names, allowing a malicious plugin author to use characters that could result in unexpected behavior. This could...
Symantec Encryption Management Server (SEMS) Local Elevation of Privilege Vulnerability
Symantec Encryption Management Server manages and automates security policies for encryption solutions. A security vulnerability exists in Symantec Encryption Management Server SEMS versions prior to 3.3.2 MP12. This vulnerability allows a local attacker to gain root access by modifying a batch...
Oracle Linux 6 : kernel (ELSA-2012-1064)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1064 advisory. - kernel Prevent keyctl newsession from causing a panic David Howells 833433 827424 CVE-2012-2745 - net ipv6/netfilter: fix null pointer dereference in...