123 matches found
WordPress plugin Gutenberg 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-21956 · WordPress · Gutenberg
Name of the Vulnerable Software and Affected Versions: Gutenberg plugin versions through 13.7.3 for WordPress Description: The issue allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. The XSS payload does not execute in the context of the WordPress...
PT-2022-14230 · WordPress · Import Export All Wordpress Images
Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
Server side request forgery (ssrf)
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
Server side request forgery (ssrf)
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
CVE-2021-33213
The CVE-2021-33213 entry documents an SSRF in Elements-IT HTTP Commander 5.3.3, specifically in the Upload from URL feature. When authenticated, an attacker can supply an internal address to retrieve HTTP/FTP resources from the internal network, exposing internal resources. Root cause: SSRF in th...
PT-2021-5825 · Unknown +8 · Hosted-Git-Info +8
Name of the Vulnerable Software and Affected Versions: hosted-git-info versions prior to 3.0.8 Description: The issue is related to a Regular Expression Denial of Service ReDoS in the fromUrl function in index.js. This occurs due to the shortcutMatch regular expression, which exhibits polynomial...
CVE-2019-16790
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...
Remote code execution
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...
CVE-2019-16790 Remote Code Execution in Tiny File Manager
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...
CVE-2019-16790
In Tiny File Manager, versions prior to 2.3.9 are affected by a remote code execution vulnerability exploitable via Upload from URL and Edit/Rename operations. The issue impacts authenticated users, with affected components being the Upload from URL and file-edit/rename paths. Root cause details ...
Microsoft Office: Saved from URL
This test checks the setting for policy OpenVAS Vulnerability Test $Id: officesavedfromurl.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Saved from URL Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...