CVE-2024-35424
vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c...
CVE-2024-35424
CVE-2024-35424 affects the VMIR library (e8117) with a segmentation violation in the internal function import_function at /src/vmir_wasm_parser.c. The metric data indicates a MEDIUM base score (CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) and a HIGH impact on availability, with no confidentiali...
DEBIAN-CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component...
UBUNTU-CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component...
CVE-2024-24510
CVE-2024-24510: A cross-site scripting vulnerability affects Alinto SOGo before 5.10.0. An attacker can remotely execute arbitrary code through the mail component's import function. Affected software: Alinto SOGo up to version 5.9.x (prior to 5.10.0). Root cause: input in the import function is ...
CVE-2024-7620
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
PT-2024-38457 · WordPress · Customizer Export/Import
Name of the Vulnerable Software and Affected Versions: Customizer Export/Import plugin for WordPress versions up to, and including, 0.9.7. Description: The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import...
PT-2024-37332 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions up to, and including, 4.0.4. Description: The issue is related to unauthorized data importation due to a missing capability check on the import file function. This allows authenticated attackers with...
Milesight UR32L authorization issue vulnerability
Milesight UR32L is a 4G industrial router from China's StarZone IOT Milesight. An authorization issue vulnerability exists in Milesight UR32L v32.3.0.7-r2, which stems from a firmware update vulnerability in the file import function, where a specially crafted network request could result in an...
CVE-2024-3020
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is prese...
CVE-2024-3020 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is prese...
PT-2024-23248 · Shapedplugin · Carousel +3
Name of the Vulnerable Software and Affected Versions: Plugin versions up to and including 2.6.3. Description: The issue allows authenticated attackers with administrator-level access to inject a PHP Object via deserialization of untrusted input in the import function using the shortcode parameter...
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...
CVE-2023-7037
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
PT-2023-32845 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9. Description: A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and...
automad Code Issues Vulnerabilities
automad is a flat-file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a Server-Side Request Forgery (SSRF) vulnerability in the function import in the file FileController.php...
Improper Authorization in Import Question function
Description: The Import Question function does not check user permissions, allowing users to import questions into any survey without requiring authorization. Proof of Concept: Step 1: We have user1 who has no permissions. Step 2: User1 performs importing questions into the survey by creating a reque...
PT-2023-5922 · Sap · Sap Powerdesigner Client
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner Client version 16.7. Description: The issue is related to the import function of BPMN files in the Business Process Modeling (BPM) module of the SAP PowerDesigner enterprise architecture modeling tool. It does not sufficiently...
Arbitrary Code Execution
import-in-the-middle is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the lack of sanitization in the getSource function of hook.js, which allows an attacker to inject and execute malicious code in the import function...