11 matches found

Fedora
added 2026/04/25 1:58 a.m., 5 views

[SECURITY] Fedora 44 Update: coturn-4.10.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

CVSS 7.5 | AI score 5.4 | EPSS 0.00283
Exploits: 1
Github Security Blog
added 2025/11/13 12:9 a.m., 5 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

CVSS 6.9 | AI score 6.7 | EPSS 0.00098
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/05/23 9:25 a.m., 2 views

CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database...

CVSS 4.3 | AI score 6.8 | EPSS 0.00357
Exploits: 2 | References: 1
CNNVD
added 2024/10/16 12:0 a.m., 1 views

WordPress plugin Freemius SDK security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.3 | AI score 6 | EPSS 0.00206
Exploits: 0 | References: 2
OSV
added 2024/06/27 6:15 a.m., 1 views

CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database...

CVSS 4.3 | AI score 5.9 | EPSS 0.00357
Exploits: 2 | References: 1
EUVD
added 2023/11/27 4:22 p.m., 1 views

EUVD-2023-57859

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

CVSS 9.1 | AI score 9.2 | EPSS 0.52476
Exploits: 2 | References: 1
Positive Technologies
added 2023/11/27 12:0 a.m., 1 views

PT-2023-32175

Name of the Vulnerable Software and Affected Versions: 10Web Booster WordPress plugin versions prior to 2.24.18. Description: The issue allows unauthenticated users to delete arbitrary options from the database, leading to denial of service, due to the lack of validation of the option name given to...

CVSS 9.1 | AI score 8.9 | EPSS 0.52476
Exploits: 2 | References: 4
Prion
added 2023/06/07 2:15 a.m., 11 views

Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 7.5 | AI score 9.3 | EPSS 0.00237
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/06/07 1:51 a.m., 7 views

CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

CVSS 9.8 | AI score 7.2 | EPSS 0.00419
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 4:0 a.m., 1 views

SUSE CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

CVSS 8.8 | AI score 8.8 | EPSS 0.007
Exploits: 1 | References: 3
CNVD
added 2020/03/10 12:0 a.m., 1 views

Froxlor Remote Code Execution Vulnerability

Froxlor is a server administration control panel that can be used to manage multi-user or shared servers. A remote code execution vulnerability exists in Froxlor versions prior to 0.10.14. A remote attacker can exploit this vulnerability to execute arbitrary code via database configuration option...

CVSS 8.8 | AI score 8.5 | EPSS 0.007
Exploits: 1 | References: 1