24 matches found
CVE-2024-2568
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/divdata/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotel...
CVE-2024-4103
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible for...
Swiss Toolkit For WP < 1.0.8 - Contributor+ Authentication Bypass
Description The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with...
CVE-2024-4104
CVE-2024-4104 : ADFO – Custom data in admin dashboard (WordPress plugin) is vulnerable to a reflected XSS via the dbp_id parameter in versions ≤ 1.9.0 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts on pages that execute when a ...
CVE-2024-4104 ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbpid' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-4103 ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible for...
CVE-2024-4103 ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible for...
ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting
Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbpid' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-2568
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/divdata/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotel...
CVE-2024-2568 heyewei JFinalCMS Custom Data Page sql injection
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/divdata/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotel...
CVE-2024-2568 heyewei JFinalCMS Custom Data Page sql injection
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/divdata/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotel...
PT-2024-21088 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: heyewei JFinalCMS version 5.0.0 Description: A critical issue has been found in the Custom Data Page component, specifically affecting an unknown functionality of the file "/admin/div data/delete?divId=9". This issue leads to sql injection an...
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...
SUSE CVE-2017-12082
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-1.0.0-6.fc36
TOML stands for Tom's Obvious, Minimal Language. This Go package provides a reflection interface similar to Go's standard library json and xml packages. This package also supports the encoding.TextUnmarshaler and encoding.TextMarshaler interfaces so that you can define custom data representations...
Fedora: Security Advisory for golang-github-burntsushi-toml (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-burntsushi-toml-1.0.0-5.fc35
TOML stands for Tom's Obvious, Minimal Language. This Go package provides a reflection interface similar to Go's standard library json and xml packages. This package also supports the encoding.TextUnmarshaler and encoding.TextMarshaler interfaces so that you can define custom data representations...
Fedora: Security Advisory for golang-github-burntsushi-toml (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-1.0.0-5.fc36
TOML stands for Tom's Obvious, Minimal Language. This Go package provides a reflection interface similar to Go's standard library json and xml packages. This package also supports the encoding.TextUnmarshaler and encoding.TextMarshaler interfaces so that you can define custom data representations...