10505 matches found
WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
Overview: WordPress plugin "Paid Memberships Pro" contains an SQL injection vulnerability (CWE-89). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to JPCERT/CC, and...
CVE-2020-24791
FUEL CMS 1.4.8 allows SQL injection via the 'fuelreplaceid' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
USN-4753-1 linux-oem-5.10 vulnerabilities
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...
Freebsd FreeBSD Competitive Conditions Problem Vulnerability
FreeBSD is a Unix-like operating system from the FreeBSD Foundation. pts is a pseudo-terminal driver used in it. FreeBSD has a security vulnerability that can be exploited by an attacker to bypass access restrictions and read or modify data on the host system via jail attach...
CVE-2021-26686
A remote authenticated SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attack...
CVE-2020-24841
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
The vulnerability of the Tasks component in Oracle Common Applications Calendar allows attackers to modify data or gain unauthorized access to the device, due to insufficient validation of input data.
The vulnerability of the Tasks component in the Oracle Common Applications Calendar application exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to modify data or gain unauthorized access to the device through HTTP requests...
CVE-2021-21016 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
CVE-2021-21027 Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
CVE-2021-21015 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required...
CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
Cross site request forgery (csrf)
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.
The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to protected...
The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to modify data or gain unauthorized access to the device.
The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to remotely modify data or gain unauthorized access to the device...
The vulnerability of the Marketing Administration component of the Oracle Marketing marketing platform allows a perpetrator to modify data or gain unauthorized access to the device.
The vulnerability of Oracle Marketing’s Marketing Administration component exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to modify data or gain unauthorized access to the device through HTTP requests...
The vulnerability of the components of Web Services in Oracle WebLogic Server’s application servers allows attackers to gain access to modify, add, or delete data.
The vulnerability of the components of Oracle WebLogic Server’s application services is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol over the network...
The vulnerability of the RAS subsystem components of the Sun ZFS Storage Appliance Kit allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the RAS subsystem components of the Sun ZFS Storage Appliance Kit is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information...
The vulnerability of the Report component of the Oracle Hospitality Reporting and Analytics application allows a perpetrator to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.
The vulnerability of the Report component of the Oracle Hospitality Reporting and Analytics application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected...
Teradici Cloud Access Connector Cross-Site Request Forgery Vulnerability
A cross-site request forgery vulnerability exists in Teradici Cloud Access Connector v31 and earlier, which can be exploited by an attacker to modify data when a user clicks a malicious link...