26 matches found
PT-2025-1788 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...
CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...
claimAuction can be reverted by any bidder, locking all funds and the prize.
Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...
The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.
The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...
CVE-2016-1016
Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...
Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function...