7 matches found
WordPress WP Poll Maker Plugin <= 3.4 is vulnerable to Arbitrary File Upload
Software: WP Poll Maker; Type: Plugin; Vulnerable versions: <= 3.4; Fixed in: 3.5; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-32514; Patch priority: High; CVSS severity: High 9.9; PSID: 5f238f52b673; Credits: Yudistira Arya; Required privilege: Subscriber...
WordPress Corsa Theme <= 1.5 is vulnerable to Arbitrary File Upload
Software: Corsa; Type: Theme; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2023-23970; Patch priority: High; CVSS severity: High 9.9; PSID: 4cf947f86882; Credits: Dave Jong Patchstack; Required privilege...
Intel Data Center Manager 4.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: SQL Injection CWE-89 Date found: 2022-01-21 Date...
WordPress Elementor 3.6.2 Remote Code Execution Vulnerability
Description: Insufficient Access Control leading to Subscriber+ Remote Code Execution Affected Plugin: Elementor Plugin Slug: elementor Plugin Developer: Elementor Affected Versions: 3.6.0 – 3.6.2 CVE ID: CVE-2022-1329 CVSS Score: 9.9 Critical CVSS Vector:...
CVE-2022-21391
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network acces...
hAFL1 – Our Journey of Fuzzing Hyper-V and Discovering a Critical 0-Day
Within hours from the moment our in-house built fuzzer, hAFL1, started running – it found a critical, CVSS 9.9 RCE vulnerability in Hyper-V’s virtual driver...
Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of...