5 matches found
Ignite Realtime Openfire allows Cross-site Scripting
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. This issue was fixed in version 4.4.2...
ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...
CVE-2020-5284
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory .next. This does not affect files outside of the dist directory .next. In general, the dist directory only holds build assets unless your applicatio...
CVE-2019-1000005
mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim...
Microweber 0.905 - Error Based SQL Injection
No description provided by source. =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...