6043 matches found
WordPress plugin Create cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-32572
Name of the Vulnerable Software and Affected Versions: Catch Themes Create versions prior to 2.9.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject...
PT-2024-7160 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.478 and earlier, LTS 2.462.2 and earlier Description: The issue is related to insufficient access control in Jenkins, allowing attackers to bypass item creation restrictions. If an attempt is made to create an item of a...
WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Michael (Patchstack Alliance) in WordPress Theme Create versions <= 2.9.1...
CVE-2024-8458
The CVE-2024-8458 entry concerns PLANET Technology switch models whose web interface is vulnerable to Cross-Site Request Forgery (CSRF). Affected component: the web application on certain PLANET switch devices. Root cause: CSRF in the web front end allows an unauthenticated remote attacker to tri...
Vulnerabilities in the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the firmware of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allow a malicious individual to execute arbitrary commands.
Vulnerabilities in the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the firmware of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343...
DEBIAN-CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...
UBUNTU-CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...
Rupee Invoice System 1.0 Arbitrary File Upload
Title: Rupee Invoice System v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
kernel: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
A vulnerability was found in the Linux kernel's NFSD, specifically in the handling of large file sizes during NFSv3 SETATTR and CREATE operations. The ia_size field, being a signed 64-bit type, can lead to unexpected behavior when clients send size values larger than the maximum allowed. This...
SQL Injection
Overview: centreon/centreon is a network, system, applicative supervision and monitoring tool. Affected versions of this package are vulnerable to SQL Injection via the create user form inputs. Remediation: Upgrade centreon/centreon to version 22.10.24, 23.4.21, 23.10.16, 24.4.6 or higher. Referenc...
Vaidya-Mitra 1.0 Cross Site Request Forgery
Title: Vaidya-Mitra v 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits |...
SUSE CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an...
AZL-49389 CVE-2024-46721 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an...
UBUNTU-CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an...
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Summary: The contents of arbitrary files can be returned to the browser. Details: `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. PoC (sh): $ npm create vite@latest $ cd vite-project/ $ npm...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note: This vulnerability can onl...
CVE-2024-46362
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createdirectory...