35 matches found
EUVD-2020-6361
Malware in sbrugna...
EUVD-2020-6360
Malware in sbrugna...
EUVD-2020-6359
Malware in sbrugna...
CVE-2020-14207
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...
CVE-2020-14206
The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function via an arbitrary parameter...
CVE-2020-14205
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs...
WordPress DiveBook Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the filter function of the WordPress DiveBook plugin...
WordPress DiveBook plugin access control error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Give is a fundraising platform plugin used in it. Relevant is a relevant content display plugin used in it. A security...
WordPress DiveBook plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress DiveBook plugin version 1.1.4, which originates fr...
DiveBook <= 1.1.4 - Improper Authorisation Check
An authorisation issue is present in the DiveBook "Add New Dive" feature, allowing anonymous users to create a new dive entry with a crafted HTTP POST request...
WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...
DiveBook <= 1.1.4 - Unauthenticated Reflected XSS
A reflected Cross-Site Scripting vulnerability exists within the DiveBook log's filter functionality. Arbitrary URL parameters are reflected into the application's response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link...
DiveBook <= 1.1.4 - Unauthenticated SQL Injection
The filterdiver GET parameter, in pages where the DiveBook is embedded, does not properly sanitise and validate user data, leading to an Unauthenticated SQL injection vulnerability. PoC: The PoC will be displayed once the issue has been remediated...
DiveBook <= 1.1.4 - Unauthenticated SQL Injection
The filterdiver GET parameter, in pages where the DiveBook is embedded, does not properly sanitise and validate user data, leading to an Unauthenticated SQL injection vulnerability. The PoC will be displayed once the issue has been remediated...
WordPress DiveBook plugin <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...
WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability
Improper Authorisation Check vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...
DiveBook <= 1.1.4 - Unauthenticated Reflected XSS
A reflected Cross-Site Scripting vulnerability exists within the DiveBook log's filter functionality. Arbitrary URL parameters are reflected into the application's response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link...
CVE-2020-14207
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...
CVE-2020-14206
The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function via an arbitrary parameter...
CVE-2020-14205
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs...