7 matches found
CVE-2024-37699
An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption...
VulnCheck KEV: CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up...
Authorization
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated WordPress Options Changes via AJAX
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2005-2713
CVE-2005-2713 concerns local privilege escalation in Mac OS X. The iDefense advisory details two related issues in the /usr/bin/passwd binary on affected builds (Mac OS X 10.3.9 and 10.4.5; server variants also mentioned): first, passwd accepts a password database option and does not verify write...