WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

WordPress Core 5.0.0 - Crop-image Shell Upload

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...

Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting

Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the errmsg parameter freetimefailed.cgi CGI program, aka reflective cross-site scripting. id: CVE-2019-12581 info: name: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting author: n-thumann...

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...

Custom 404 Pro < 3.2.8 - Cross-Site Scripting

Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

Pandora FMS 7.0NG - Remote Command Injection

Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

Atom CMS v2.0 - SQL Injection

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. id: CVE-2022-25488 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | Atom CMS v2.0 was discovered to contain a SQL injection...

Omnia MPX 1.5.0+r1 - Local File Inclusion

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...

Yonyou U8 13.0 - Cross-Site Scripting

Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

Documentor <= 1.5.3 - Unauthenticated SQL Injection

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. id: CVE-2022-0773 info: name: Documentor = 1.5.3 - Unauthenticated SQL...

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery

WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request. id: CVE-2022-0879...

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

osTicket < 1.12.1 - Cross-Site Scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

Allied Telesis AT-GS950/8 - Local File Inclusion

Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface. id: CVE-2019-18922 info: name: Allied Telesis AT-GS950/8 - Local File Inclusion author: 0xAkoko severity: high description: | Allied Telesis AT-GS950/8 until Firmware AT-S107...

Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...