Lucene search
K

168 matches found

Prion
Prion
added 2021/10/25 2:15 p.m.15 views

Sql injection

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...

6.5CVSS7.4AI score0.013EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/10/25 1:20 p.m.46 views

CVE-2021-24662

CVE-2021-24662 affects the WordPress plugin Game Server Status (

7.2CVSS7.3AI score0.013EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.3 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in the WordPress plugin Game Server Status prior to version 1.0. The...

7.2CVSS7.2AI score0.013EPSS
Exploits2References2
CVE
CVE
added 2021/10/06 8:5 p.m.111 views

CVE-2021-41129

CVE-2021-41129 affects Pterodactyl Panel. A validation flaw in the two‑factor authentication flow (LoginCheckpointController@__invoke) allows a malicious user to alter the confirmation_token to reference a cache entry containing a user_id, potentially authenticating as an arbitrary user with two‑...

8.1CVSS8.1AI score0.01696EPSS
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.10 views

Game Server Status <= 1.0 - Contributor+ SQL Injection

The plugin does not validate or escape the server id shortcode attribute before using it in a SQL statement, allowing any user with a role as low as contributor to perform SQL Injection attacks PoC As a contributor or above, put the below shortcode in a page/post and view/preview it game-servers...

2.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.10 views

Game Server Status <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Game Server data, which could allow high privilege users such as admin to perform Cross-Site Scripting even when the unfiletredhtml is disallowed PoC Create/Edit a Game Server and add the following payload as Server name: Test"...

2.2AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.525 views

Game Server Status <= 1.0 - Contributor+ SQL Injection

The plugin does not validate or escape the server id shortcode attribute before using it in a SQL statement, allowing any user with a role as low as contributor to perform SQL Injection attacks As a contributor or above, put the below shortcode in a page/post and view/preview it game-servers...

1.4AI score
Exploits0
Patchstack
Patchstack
added 2021/09/21 12:0 a.m.14 views

WordPress Game Server Status plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Game Server Status plugin versions = 1.0. Solution This plugin has been closed as of August 20, 2021 and is not available for download. This closure is temporary, pending a full review...

2.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/09/21 12:0 a.m.23 views

WordPress Game Server Status plugin <= 1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered Neppah in WordPress Game Server Status plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of August 20, 2021 and is not available for download. This closure is temporary, pending a full review...

7.2CVSS3.5AI score0.013EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.536 views

Game Server Status <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Game Server data, which could allow high privilege users such as admin to perform Cross-Site Scripting even when the unfiletredhtml is disallowed Create/Edit a Game Server and add the following payload as Server name: Test"alert/XSS/...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.594 views

Game Server Status <= 1.0 - Admin+ SQL Injection

The plugin does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&serverid=1" -p serverid --dbms mysql --cookie your cookie...

7.2CVSS1.6AI score0.013EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.22 views

Game Server Status <= 1.0 - Admin+ SQL Injection

The plugin does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page PoC sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-serversid=1" -p serverid --dbms mysql --cookie your cookie...

7.2CVSS0.2AI score0.013EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/09/21 12:0 a.m.6 views

WordPress Game Server Status plugin <= 1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by WPScanTeam in WordPress Game Server Status plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of August 20, 2021 and is not available for download. This closure is temporary, pending a full review...

3.5AI score
Exploits0References2Affected Software1
HackRead
HackRead
added 2020/12/13 8:27 p.m.42 views

Steam vulnerabilities allowed remote take over of users’ computers

By Waqas In total, CheckPoint researchers found 4 vulnerabilities all allowing attackers to harm Steam and those using 3rd party game server. This is a post from HackRead.com Read the original post: Steam vulnerabilities allowed remote take over of users computers...

4.1AI score
Exploits0
Prion
Prion
added 2020/09/23 3:15 p.m.18 views

Integer overflow

An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory...

5CVSS7.5AI score0.01108EPSS
Exploits1References1Affected Software1
Debian
Debian
added 2020/09/14 6:23 p.m.58 views

[SECURITY] [DSA 4763-1] teeworlds security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4763-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 14, 2020 https://www.debian.org/security/faq -...

7.8CVSS7.5AI score0.02957EPSS
Exploits0
OSV
OSV
added 2019/12/02 6:16 p.m.32 views

GHSA-4X6V-RWH4-55JW Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.2AI score0.01157EPSS
Exploits1References3
OSV
OSV
added 2019/11/14 12:15 a.m.13 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2019/11/14 12:15 a.m.17 views

Xxe

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5CVSS5.3AI score0.01157EPSS
Exploits1References2Affected Software1
Hacker One
Hacker One
added 2019/08/22 6:24 p.m.388 views

Roblox: Malformed string sent through FireServer leads to server freezing/hanging

This was found an hour ago so if I get any information wrong, please comment and I'll get back to you! A cheater/exploiter can hang any Roblox gameserver due to a 5 line script which sends a big malformed string through SayMessageRequest resulting in the server to hang itself. This works in any...

6.5AI score
Exploits0
Rows per page
Query Builder