15 matches found
EUVD-2022-34654
Malicious code in bioql PyPI...
Embedded Malicious Package
Overview @toptal/picasso-provider is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
CVE-2022-2388
The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack...
CVE-2024-4382 CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...
CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks Codes:...
Ivanti Avalanche Code Issue Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions prior to 6.4.1.207 that stems from unrestricted file...
Ivanti Avalanche Code Issue Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions prior to 6.4.1.207 that stems from unrestricted file...
CVE-2022-2388
The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack...
CVE-2022-2388 WP Coder < 2.5.3 - Code Deletion via CSRF
The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack...
CVE-2022-2388
The CVE-2022-2388 vulnerability affects the WP Coder WordPress plugin prior to version 2.5.3. The issue is a CSRF omission when deleting code created by the plugin, allowing an authenticated admin to delete arbitrary code via CSRF. Impact stated as I:H with no confidentiality impact and no availa...
WP Coder < 2.5.3 - Code Deletion via CSRF
The plugin does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack https://example.com/wp-admin/admin.php?page=wp-coder&info=del&did=1...
WP Coder < 2.5.3 - Code Deletion via CSRF
The plugin does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=wp-coder=del=1...
CVE-2020-9013
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...
Debian DSA-1514-1 : moin - several vulnerabilities
Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2007-2423 A cross-site-scripting vulnerability has been discovered in attachment handling.
- CVE-2007-2637 Access...
DSA-1514-1 moin
Bulletin has no description...