1516 matches found
CVE-2023-41100
An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check...
CVE-2021-24916
The Qubely WordPress plugin before 1.8.6 allows an unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action...
WordPress plugin Qubely security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-12071
Name of the Vulnerable Software and Affected Versions: Qubely WordPress plugin versions prior to 1.8.6 Description: The issue allows an unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. Recommendations: For versions prior to 1.8.6, updat...
WordPress Forminator 1.24.6 Shell Upload
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...
Security Bulletin: Vulnerability in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-25577, CVE-2023-23934)
Summary: Vulnerabilities in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Werkzeug allowing remote attacker to bypass security restrictions and denial of service. Vulnerability Details: CVEID: CVE-2023-23934 DESCRIPTION: Pallets Werkzeug could allow a remote...
CVE-2022-46899
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
Design/Logic Flaw
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
PT-2023-15100 · Vocera · Vocera Voice Server +1
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Arbitrary File Upload. The BaseController class, which each of the service controllers derives from, permits the upload of...
Vocera Report Server code issue vulnerability
Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by the Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the BaseController...
Clarity PPM 14.3.0.298 Cross Site Scripting
Title: Insufficient input validation in CA PPM 14.3 allows remote attackers to execute stored cross-site scripting attacks. | Author: Kaizen | Tested on: windows...
FuguHub 8.1 - Remote Code Execution
Exploit Title: FuguHub 8.1 - Remote Code Execution Date: 6/24/2023 Exploit Author: redfire359 Vendor Homepage: https://fuguhub.com/ Software Link: https://fuguhub.com/download.lsp Version: 8.1 Tested on: Ubuntu 22.04.1 CVE : CVE-2023-24078 import requests from bs4 import BeautifulSoup import...
CVE-2023-3249
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as...
Web3 – Crypto wallet Login & NFT token gating < 2.7.0 - Authentication Bypass
The plugin does not properly perform authentication in the 'hidden_form_data' function, allowing an unauthenticated user to log in as any existing user on the site, such as an administrator, if they have access to the username...
CVE-2020-18406
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...
PT-2023-11496 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: cmseasy version 7.0.0 Description: An issue was discovered that allows user credentials to be sent in clear text due to no encryption of form data. Recommendations: For cmseasy version 7.0.0, consider implementing encryption for form data to...