365 matches found
Nagios XI Input Validation Error Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.8.5 and prior versions, which stems from an open...
CVE-2022-21456
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Navigation Pages, Portal, Query. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
PT-2022-11859 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: laravel version 5.8.38 Description: A Remote Code Execution issue exists via an unserialize pop chain in certain functions, including destruct in RoutingPendingResourceRegistration.php, call in QueueCapsuleManager.php, and invoke in...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
PluXml Cross-Site Scripting Vulnerability
PluXml is a content management system that does not require a database to work. A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...
Tibco Ebx Cross-Site Scripting Vulnerability
Tibco Ebx is a software from Tibco India that supports integration to manage enterprise data assets. A cross-site scripting vulnerability exists in TIBCO EBX, which can be exploited by an attacker to perform cross-site scripting attacks. Affected versions include TIBCO Software Inc.'s TIBCO EBX:...
DEBIAN-CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
WordPress plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress has a SQL injection vulnerability in versions prior to 5.8.3, which stems from the lack of validation of externally...
Laravel Framework OS Command Injection Vulnerability
Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. A security vulnerability exists in Laravel Framework prior to version 5.8.17, which is caused by a command injection vulnerability in the software due to a lack of filtering and...
PT-2021-24068 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8 Description: The issue makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming...
ZOOM Client Buffer Error Vulnerability
ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings, which stems from the discovery of a vulnerability in Zoom Meeting Client for Android, iOS, Linux, macOS, and Windows prior to version...
ZOOM Client Security Vulnerability
ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings that stems from the discovery of a buffer overflow vulnerability in Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windo...
CVE-2021-26262
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor...
Nagios XI Command Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. Nagios XI 5.8.5 suffers from a security vulnerability that originates in the Manage Dashlets section of the...
CVE-2021-36366
Nagios XI before 5.8.5 incorrectly allows manageservices.sh wildcards...
WordPress Information Disclosure Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress 5.8 beta had an information disclosure vulnerability that could be exploited by an attacke...
PT-2021-4511 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8 Description: The issue allows an authenticated but low-privileged user, such as a contributor or author, to execute cross-site scripting (XSS) in the editor, bypassing restrictions imposed on users who do not hav...
PT-2021-4476 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 5.8 beta Description: The issue is related to authentication errors in the WordPress content management system. It allows a remote attacker to bypass existing restrictions. Authenticated users without permission to view...
PT-2021-4505 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...
CVE-2021-37352
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link...