174 matches found
CVE-2024-32127 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6...
CVE-2024-32127
CVE-2024-32127 is an SQL injection vulnerability in the WordPress plugin Find Duplicates by Markus Seyer. The issue is described as an improper neutralization of special elements used in an SQL command, affecting Find Duplicates versions from n/a up to 1.4.6. The public data in the connected docu...
CVE-2024-32127 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6...
PT-2024-24421 · Unknown · Markus Seyer Find Duplicates
Name of the Vulnerable Software and Affected Versions: Markus Seyer Find Duplicates versions 1.4.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...
WordPress Plugin Find Duplicates SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Find Duplicates plugin <= 1.4.6 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Find Duplicates versions = 1.4.6...
WordPress Find Duplicates Plugin <= 1.4.6 is vulnerable to SQL Injection
Software Find Duplicates Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32127 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 52116cf54a22 Credits Le Ngoc Anh Required privilege Subscriber Publish...
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Summary An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Details Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/duplicates/list endpoint allowing an authenticated user without the permissions t...
Unable to upload new SDWAN Licesne
The applied license neither changed the value of existing features nor added new features. This may be due to duplicate or invalid features or multiple server licenses...
The vulnerability of the btf_dump_name_dups() function in the tools/lib/bpf/btf_dump.c library of the libbpf library (Berkeley Packet Filters) in the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the libbpf library Berkeley Packet Filters in the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...
CVE-2020-27418
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgaconinvertregion function...
Attacker can drain the forked DAO's ERC20s by supplying a list with dupes to quit()
Lines of code Vulnerability details The quit function is used to allow members of the forked DAO to ragequit the dao and receive a pro-rata share of the ERC20 tokens that the DAO holds. One version of this functions allows the user to supply their own list of ERC20 tokens for the function to...
SUSE CVE-2020-15187
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
PT-2023-34259 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to a use-after-free in btf dump name dups. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-33439 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.2 Description: The issue is related to the handling of rq qos requests, where the same type should not be added more than once. The actual impact and attack plausibility have not yet been proven...
Malicious creator can create different NFT collections with NFTs corresponding to same ipfs token URI
Lines of code Vulnerability details Impact A creator can call the following createNFTCollection function with different name, symbol, and nonce to create different NFT collections. function createNFTCollection string calldata name, string calldata symbol, uint256 nonce external returns address...
Malicious callers can replay disputes
Lines of code Vulnerability details Unlike some of the other signature based operations in the Rigor system, dispute signatures do not include a nonce and are vulnerable to replay attacks. This is similar to my finding in 339, but lower severity, since it is more of a spamming/griefing vector...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...