5 matches found
WordPress WPQAs plugin authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress WPQAs plugin versions prior to 5.2 are vulnerable to an authorization issue that stems...
CVE-2021-26317
CVE-2021-26317: The AMD SMM protocol verification failure allows an attacker to take control of the SMM protocol and modify SPI flash, potentially enabling arbitrary code execution. Public documentation ties this to AMD’s SMM/ASP/SEV family and lists it among AMD client vulnerabilities with a hig...
Design/Logic Flaw
Easy Hosting Control Panel EHCP v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password...
CVE-2014-3706
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates...
Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE
The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...