10 matches found
WordPress plugin The Moneytizer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
SQL Injection in 'core/ajax/ajax_data.php'
Description There exists an SQL injection affecting the customerid parameter located in the file core/ajax/ajaxdata.php Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/core/ajax/ajaxdata.phpL537 sql where stockproductid =...
MAL-2022-567 Malicious code in @roku-web-core/ajax (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b91c6eb13ceb3e23c595456e0139e5abbd90ec53ce9f38463755879bb0c078 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-726G-CGCQ-4XW8 Dolibarr Cross-Site Scripting (XSS) vulnerability
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting XSS vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...
CVE-2013-0202
Cross-site scripting XSS vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php...
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting XSS vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...
Nextcloud: Wordpress: Directory Traversal / Denial of Serivce
Hello Security team, While testing nextcloud.com i have found that you are not using the lastest version of wordpress you are using old version 4.5.3 which is vulnerable to Directory Traversal / Denial of Serivce Description : A path traversal vulnerability was found in the Core Ajax handlers of...
WordPress 4.5.3 Core Ajax Handlers Path Traversal
------------------------------------------------------------------------ Path traversal vulnerability in WordPress Core Ajax handlers ------------------------------------------------------------------------ Yorick Koster, July 2016...
Design/Logic Flaw
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered ...
Multiple code executions - ownCloud
A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...