Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)

Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...

Withdrawal delay can be circumvented

Lines of code Vulnerability details Impact After initiating a withdrawal with initiateWithdrawal, it's still possible to transfer the collateral tokens. This can be used to create a second account, transfer the accounts to them and initiate withdrawals at a different time frame such that one of t...

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

GHSA-8GR3-2GJW-JJ7G Hidden functionality in node-ipc

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...

Hidden functionality in node-ipc

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...

CVE-2021-45852

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via addpatient.php...

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

Design/Logic Flaw

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

CVE-2022-0865

A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality, causes a crash via an assertion failure, leading to a denial of service. The exact mechanism...

AlmaLinux 8 : rpm (ALSA-2022:0368)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0368 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...

CVE-2022-23038

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

Ubuntu: Security Advisory (USN-5318-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30,...

ARM Mali GPU 缓冲区错误漏洞

ARM Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monitor to...

Microweber logic flaw vulnerability

Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A logic flaw vulnerability exists in Microweber, which stems from an error in the business...

Auction DOS On The Bidding

Lines of code Vulnerability details Impact During the code review, It has been observed that If the bidder is contract, the bidder can make auction infunctional. Proof of Concept 1. Navigate to the following contract. 2. Auction has public function named as placeBid. 3. Example Poc steps can be...

EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1234)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1215)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

Microweber CMS v1.2.10 Local File Inclusion (Authenticated)

Microweber CMS v1.2.10 has a backup functionality. Upload and download endpoints can be combined to read any file from the filesystem. Upload function may delete the local file if the web service user has access. Module Options msf use auxiliary/gather/microweberlfi msf auxiliarymicroweberlfi sho...