78 matches found
Information disclosure
In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550...
WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress CTA Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e01853618b33 Credits István Márton Require...
WordPress KPIS CTA Buttons Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software KPIS CTA Buttons Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2cbe82135686 Credits Rafie Muhammad Patchstack Require...
PT-2023-21676 · Unknown · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit versions 9.88.1.0 and earlier Description: A cross-site scripting issue in the CTA post function allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions 9.88.1.0 and...
VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Setup: The CTA Expansion...
CVE-2022-26429
In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...
CVE-2022-26429
In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...
CVE-2022-26429
In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...
CVE-2022-26429
CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...
We can control you see the content: mainstream IPTV remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
About a year ago, Check Point Research Team found that the Ukrainian TV streaming platform, there is a serious vulnerability, once exploited, could enable service providers face a serious risk. Specifically, an attacker can get the entire customer database of personal information and financial...
cta-usa.org Open Redirect vulnerability
Vulnerable URL: http://cta-usa.org/redirect.php?link=https%3A%2F%2Fopenbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 03.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 6804757 VIP website status:| No...
Hubspot CTA - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-012 - Unsupported
This module enables you to embed a Hubspot CTA buttons widget in a Bean block. The module allows configuration of a CTA ID and Account ID while adding a bean block for a CTA button, but doesn't sufficiently sanitise these parameters, allowing a potential cross-site scripting attack. This...
Information disclosure
EMC Cloud Tiering Appliance CTA 9.x through 10 SP1 and File Management Appliance FMA 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack...
CVE-2014-0645
EMC Cloud Tiering Appliance (CTA) versions 9.x–10 SP1 and Cloud Tiering Appliance (CTA) 10.x/10 SP1 Vulnerabilities: two issues are described. First, CVE-2014-0645: default root/super/admin passwords are DES-encrypted and stored, enabling context-dependent attackers to brute-force sensitive data ...
CVE-2014-0644
The CVE-2014-0644 flaw affects EMC Cloud Tiering Appliance (CTA) 10 through SP1, with an unauthenticated XXE in the/ api/login flow that permits reading arbitrary files (e.g., /etc/shadow) with root privileges. Public references describe an unauthenticated XXE arbitrary file read, and multiple ad...
EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
CVE-2007-3184
Cisco Trust Agent (CTA) for Mac OS X prior to 2.1(104).0 is vulnerable to a local, unauthenticated attack with physical access: when the ACS prompts a user notification after posture validation, an attacker can interact with the Apple Menu to bypass authentication and access System Preferences wi...
CVE-2007-1800
Cisco Secure ACS does not require authentication when Cisco Trust Agent CTA transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and...