18 matches found
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2531)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 24th, 2024, during our second Bug Bounty Extravaganza...
WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection Vulnerabilities
Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...
Affiliate Me 5.0.1 SQL Injection
Exploit Title: Affiliate Me Version 5.0.1 - SQL Injection Exploit Date: May 16, 2023. CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: Affiliate Me Application Version:...
W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...
Fedora: Security Advisory for golang-github-need-being-tree (FEDORA-2023-c9b2182a4e)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-intel-goresctrl (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-hashicorp-hclog (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely...
Nextcloud: Persistent XSS on favorite via filename
CVSS ---- Medium 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Description ----------- The name of a file is echoed without encoding when favoring the file, leading to persistent XSS. POC --- To place the payload: - Create a file called test'".pdf and upload it. To trigger the payload: - click...
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability
Document Title: =============== VUPlayer 2.49 - .pls Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1876 Release Date: ============= 2016-07-24 Vulnerability Laboratory ID VL-ID: ==================================== 1876...
Mobile Drive HD 1.8 - Local File Inclusion
Document Title: =============== Mobile Drive HD v1.8 - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1446 Release Date: ============= 2015-03-11 Vulnerability Laboratory ID VL-ID: ==================================== 1446...
iFunBox Free v1.1 iOS - File Include Vulnerability
Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID: ==================================== 1344...
Fedora Update for rubygem-actionpack FEDORA-2012-11870
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygem-actionpack FEDORA-2012-9636
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2012-9636 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2012-9636
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Immunity Canvas: JAVA_DESERIALIZE2
Name| javadeserialize2 ---|--- CVE| CVE-2010-0094 Exploit Pack| CANVAS Description| javadeserialize2 Notes| CVE Name: CVE-2010-0094 VENDOR: Sun OSVDB: http://osvdb.org/show/osvdb/63484 Repeatability: Infinite client side - no crash References:...
Debian Security Advisory DSA 1795-1 (ldns)
The remote host is missing an update to ldns announced via advisory DSA 1795-1. OpenVAS Vulnerability Test $Id: deb17951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1795-1 ldns Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...