113 matches found
CVE-2023-39578
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...
Denial Of Service (DoS)
github.com/taosdata/TDengine is vulnerable to Denial of Service (DoS). The vulnerability exists due to the improper input validation of the library, which allows an attacker with the create function privilege to crash the application by providing a maliciously crafted UDF nested query...
KodExplorer Cross-Site Scripting Vulnerability
KodExplorer is a web file manager by the individual developer warlee. A security vulnerability exists in KodExplorer version 4.51, which stems from a cross-site scripting (XSS) vulnerability contained in the description box of the Create function, which can be exploited by an attacker by injecting XSS...
PT-2023-20153 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9. Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization due to a missin...
WordPress Plugin WPCS – WordPress Currency Switcher Professional Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin WPCS - A...
Path Traversal
github.com/dablelv/go-huge-util is vulnerable to Path Traversal. The vulnerability exists due to the Create function in file/file.go because the library fails to strip ../ from the uncompressed file name, which allows an attacker to traverse outside the expected directory...
SUSE CVE-2005-0709
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the create function, by manipulating the @user field. Remediation: Upgrade curupira to version 0.1.4 or higher. References: GitHub Commit, GitHub Release...
CVE-2022-41424
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls...
Bento4 Security Vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which originates in the AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) function does not free or fail...
Bento4 Security Vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 v1.6.0-639, which originates from a denial of service due to a memory leak in the AP4_StdcFileByteStream::Create function of its mp42ts component that can be caused by an attacker via ...
Business Logic Errors
dolibarr/dolibarr is vulnerable to business logic errors. An attacker can exploit this flaw by providing a negative price amount to the create function in don.class.php, as it does not properly check user input for negative price amounts...
Copy your own portfolio to keep earning royalties
Handle: jayjonah8. Vulnerability details. Impact: In NestedFactory.sol going through the create function which leads to the sendFeesWithRoyalties = addShares function, I'm not seeing any checks preventing someone from copying their own portfolio and receiving royalty shares for it and simply repeating...
MySQL User-Defined (Linux) x32 / x86_64 - (sys_exec) Local Privilege Escalation Exploit (2)
Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2); Exploit Author: ninpwn; Vendor Homepage: https://www.mysql.com; Software Link: www.mysql.com; Version: MySQL 4.x/5.x; Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux x86_64 using...
Prototype Pollution in dot-notes
All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...