991 matches found

SUSE CVE
added 2023/06/13 3:5 a.m., 2 views

SUSE CVE-2023-3195

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service...

CVSS 4.4 | AI score 7.1 | EPSS 0.00031
Exploits 1 | References 4
Prion
added 2023/06/12 6:15 p.m., 10 views

Cross site scripting

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

CVSS 5.8 | AI score 6 | EPSS 0.00148
Exploits 2 | References 1 | Affected Software 12
CNNVD
added 2023/06/12 12:0 a.m., 2 views

WordPress Plugin Float menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

CVSS 6.1 | AI score 6.8 | EPSS 0.00148
Exploits 2 | References 2
Positive Technologies
added 2023/06/12 12:0 a.m., 1 views

PT-2023-19080 · WordPress · Float Menu +11

Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2; Bubble Menu WordPress plugin versions prior to 3.0.4; Button Generator WordPress plugin versions prior to 2.3.5; Calculator Builder WordPress plugin versions prior to 1.5.1; Counter Box WordPre...

CVSS 6.1 | AI score 6.2 | EPSS 0.00148
Exploits 2 | References 3
OSV
added 2023/05/30 10:15 p.m., 2 views

UBUNTU-CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders, recurring bugs of CVE-2022-32546...

CVSS 5.5 | AI score 6.5 | EPSS 0.00084
Exploits 1 | References 5
SUSE CVE
added 2023/05/30 2:22 a.m., 1 views

SUSE CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders, recurring bugs of CVE-2022-32546...

CVSS 3.3 | AI score 6.9 | EPSS 0.00084
Exploits 1 | References 7
Patchstack
added 2023/05/26 12:0 a.m., 11 views

WordPress WP Coder Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software: WP Coder; Type: Plugin; Vulnerable versions: <= 2.5.5; Fixed in: 2.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2362; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: f20e6f427663; Credits: Erwan LR; Required privilege...

CVSS 6.1 | AI score 5.9 | EPSS 0.00148
Exploits 2 | References 3 | Affected Software 1
SUSE CVE
added 2023/05/24 2:2 a.m., 1 views

SUSE CVE-2021-20245

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability...

CVSS 7.1 | AI score 6.4 | EPSS 0.00245
Exploits 0 | References 3
Positive Technologies
added 2023/05/17 12:0 a.m., 7 views

PT-2023-3431 · Unknown +5 · Imagemagick +5

Name of the Vulnerable Software and Affected Versions: ImageMagick (affected versions not specified). Description: The issue is related to an undefined behavior caused by casting double to size_t in certain coders, such as svg and mvg, which can lead to integer overflow. This can potentially allow a...

CVSS 9.8 | AI score 6 | EPSS 0.88643
Exploits 45 | References 193
CNNVD
added 2023/05/16 12:0 a.m., 1 views

Glazed Lists code issue vulnerability

Glazed Lists is an open source list conversion for Java. A security vulnerability exists in Glazed Lists v1.11.0. An attacker exploiting this vulnerability can execute arbitrary code via the BeanXMLByteCoder.decode parameter...

CVSS 9.8 | AI score 8.7 | EPSS 0.00516
Exploits 1 | References 2
Fedora
added 2023/04/15 2:17 a.m., 24 views

[SECURITY] Fedora 38 Update: bzip3-1.3.0-1.fc38

These are tools for compressing, decompressing, printing, and searching bzip3 files. bzip3 features higher compression ratios and better performance than bzip2 thanks to an order-0 context mixing entropy coder, a fast Burrows-Wheeler transform code making use of suffix arrays and a run-length...

CVSS 8.8 | AI score 7 | EPSS 0.00854
Exploits 6
CNNVD
added 2023/03/23 12:0 a.m., 3 views

Coder Code-Server access control error vulnerability

Coder Code-Server is a product of the U.S. company Coder, based on Microsoft's open source Visual Studio Code development products. It is used to build a convenient and unified development environment for developers. A security vulnerability exists in Coder Code-Server versions prior to 4.10.1 that stems from...

CVSS 9.3 | AI score 8.3 | EPSS 0.00178
Exploits 0 | References 4
F5 Networks
added 2023/02/21 6:45 p.m., 55 views

K29154575: ImageMagick vulnerability CVE-2016-3717

Security Advisory Description: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image (CVE-2016-3717). Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact: Exploiting this...

CVSS 7.1 | AI score 6.2 | EPSS 0.40019
Exploits 4 | Affected Software 10
Patchstack
added 2023/02/20 12:0 a.m., 7 views

WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection

Software: WP Coder; Type: Plugin; Vulnerable versions: < 2.5.4; Fixed in: 2.5.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0895; Patch priority: Low; CVSS severity: Low (5.5); Developer: Claim ownership; PSID: af35ebdc8e18; Credits: Etan Imanol Castro Aldrete; Required privilege: Administrator...

CVSS 7.2 | AI score 6.8 | EPSS 0.008
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/02/17 5:15 p.m., 1 views

CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 4.9 | AI score 6.7
Exploits 0 | References 2
Prion
added 2023/02/17 5:15 p.m., 10 views

SQL injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 3.3 | AI score 5.5 | EPSS 0.008
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/02/17 4:57 p.m., 14 views

CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 7.2 | AI score 7.3 | EPSS 0.008
Exploits 0 | References 2
CVE
added 2023/02/17 4:57 p.m., 52 views

CVE-2023-0895

CVE-2023-0895 affects the WordPress WP Coder plugin, where versions up to 2.5.3 are vulnerable to time-based SQL Injection via the id parameter due to insufficient escaping and poor query preparation. Exploitation requires authenticated admin privileges. The issue has been fixed in version 2.5.4 ...

CVSS 7.2 | AI score 5.7 | EPSS 0.008
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2023/02/17 4:57 p.m., 8 views

CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 7.2 | AI score 6.8 | EPSS 0.008
Exploits 0 | References 2
WPVulnDB
added 2023/02/17 12:0 a.m., 23 views

WP Coder < 2.5.4 - Admin+ SQLi

The plugin does not properly sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 7.2 | AI score 7.1 | EPSS 0.008
Exploits 0 | Affected Software 1