364 matches found
Security Bypass
datadog/dd-trace is vulnerable to Security Bypass. The vulnerability is due to insufficient constraint on the ddtrace.requestinithook by the openbasedir INI directive, which allows an attacker to bypass the openbasedir INI directive...
datadog/dd-trace Circumvents open_basedir INI directive
datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR 579. This pull request ensures that the ddtrace.requestinithook remains bound by the openbasedir INI directive, effectively addressing potential vulnerabilities related to openbasedir...
GHSA-QVGG-R6RQ-VWFX datadog/dd-trace Circumvents open_basedir INI directive
datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR 579. This pull request ensures that the ddtrace.requestinithook remains bound by the openbasedir INI directive, effectively addressing potential vulnerabilities related to openbasedir...
PT-2024-40441 · Datadog · Datadog/Dd-Trace
Name of the Vulnerable Software and Affected Versions: datadog/dd-trace versions 0.30.0 through 0.30.1 Description: The issue concerns a security and stability problem where the ddtrace.request init hook was not properly bound by the open basedir INI directive, potentially leading to...
DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting
Description The DD Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitra...
CVE-2024-30554
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...
CVE-2024-30554 WordPress DD Rating plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...
CVE-2024-30554 WordPress DD Rating plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...
WordPress Plugin DD Rating 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DD Rating A cross-site...
PT-2024-23484 · Dd Rating · Dd Rating
Name of the Vulnerable Software and Affected Versions: DD Rating versions 1.7.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically Stored XSS. Recommendations: For DD...
WordPress DD Rating Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software DD Rating Type Plugin Vulnerable versions = 1.7.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30554 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 84c2a6915ce6 Credits Cronus Required privilege Author Published 29...
marioncountydd.org Cross Site Scripting vulnerability OBB-3851835
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied...
Online Notice Board System SQL Injection Vulnerability
Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in Online Notice Board System v1.0, which occurs when the dd parameter of the registration.php page is processed without filtering and sent to the database for processing...
CVE-2023-48667
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the...
CVE-2023-48668
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands o...
CVE-2023-44286
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a...
CVE-2023-44285
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege...
CVE-2023-44285
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege...
CVE-2023-44279
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...