208 matches found
CVE-2023-1016 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
K90803619: Linux kernel vulnerability CVE-2016-6136
Security Advisory Description Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerabilit...
SUSE CVE-2012-0471
Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set...
SUSE CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
SubprotocolRegistry is vulnerable to malicious names
Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...
[SECURITY] [DLA 3152-1] glibc security update
Debian LTS Advisory DLA-3152-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne October 17, 2022 https://wiki.debian.org/LTS Package : glibc Version : 2.28-10+deb10u2 CVE ID : CVE-2016-10228 CVE-2019-19126 CVE-2019-25013 CVE-2020-1752 CVE-2020-6096 CVE-2020-10029...
OWASP ModSecurity Core Rule Set 安全漏洞
The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set CRS that originates in the Character Set Acceptance header field, which results i...
[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...
[SECURITY] Fedora 35 Update: golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc35
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...
[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc36
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...
Better Notifications for WP < 1.8.7 - Email Address Disclosure
The plugin does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one etc.. import sys import string import urllib.parse import...
Huawei EulerOS: Security Advisory for python-rtslib (EulerOS-SA-2021-2164)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...
Design/Logic Flaw
cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...
UBUNTU-CVE-2019-5718
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a gett61string length check...
CVE-2018-11330
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...
Cross site scripting
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...