Lucene search
K

123 matches found

CNNVD
CNNVD
added 2022/07/30 12:0 a.m.5 views

WordPress plugin Gutenberg 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

3CVSS4.7AI score0.00575EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/07/30 12:0 a.m.4 views

PT-2022-21956 · WordPress · Gutenberg

Name of the Vulnerable Software and Affected Versions: Gutenberg plugin versions through 13.7.3 for WordPress Description: The issue allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. The XSS payload does not execute in the context of the WordPress...

3CVSS3.7AI score0.00575EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.5 views

PT-2022-14230 · WordPress · Import Export All Wordpress Images

Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...

7.2CVSS6.9AI score0.0126EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/09/22 9:6 a.m.6 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/09/22 8:55 a.m.4 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
OSV
OSV
added 2021/09/07 7:15 p.m.18 views

CVE-2021-39195

Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...

6.5CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2021/09/07 7:15 p.m.19 views

Server side request forgery (ssrf)

Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...

4CVSS6.3AI score0.01062EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2021/08/10 4:37 p.m.2 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/07/28 8:38 a.m.3 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/07/28 8:36 a.m.4 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
OSV
OSV
added 2021/07/14 2:15 p.m.4 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

6.5CVSS5.8AI score0.01304EPSS
Exploits1References2
Prion
Prion
added 2021/07/14 2:15 p.m.21 views

Server side request forgery (ssrf)

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

4CVSS6.2AI score0.01304EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/14 1:40 p.m.36 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

6.4AI score0.01304EPSS
Exploits1References2
CVE
CVE
added 2021/07/14 1:40 p.m.46 views

CVE-2021-33213

The CVE-2021-33213 entry documents an SSRF in Elements-IT HTTP Commander 5.3.3, specifically in the Upload from URL feature. When authenticated, an attacker can supply an internal address to retrieve HTTP/FTP resources from the internal network, exposing internal resources. Root cause: SSRF in th...

6.5CVSS6.2AI score0.01304EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/23 12:0 a.m.11 views

PT-2021-5825 · Unknown +8 · Hosted-Git-Info +8

Name of the Vulnerable Software and Affected Versions: hosted-git-info versions prior to 3.0.8 Description: The issue is related to a Regular Expression Denial of Service ReDoS in the fromUrl function in index.js. This occurs due to the shortcutMatch regular expression, which exhibits polynomial...

9.8CVSS6.5AI score0.69062EPSS
Exploits9References130
OSV
OSV
added 2019/12/30 8:15 p.m.16 views

CVE-2019-16790

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...

8.8CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2019/12/30 8:15 p.m.16 views

Remote code execution

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...

6.5CVSS8.9AI score0.01243EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/30 7:15 p.m.24 views

CVE-2019-16790 Remote Code Execution in Tiny File Manager

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted...

6.5CVSS9AI score0.01243EPSS
Exploits0References2
CVE
CVE
added 2019/12/30 7:15 p.m.83 views

CVE-2019-16790

In Tiny File Manager, versions prior to 2.3.9 are affected by a remote code execution vulnerability exploitable via Upload from URL and Edit/Rename operations. The issue impacts authenticated users, with affected components being the Upload from URL and file-edit/rename paths. Root cause details ...

8.8CVSS7.9AI score0.01243EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2018/10/02 12:0 a.m.12 views

Microsoft Office: Saved from URL

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officesavedfromurl.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Saved from URL Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

7.3AI score
Exploits0
Rows per page
Query Builder