Lucene search
K

28 matches found

CNVD
CNVD
added 2021/05/24 12:0 a.m.8 views

Bludit File Upload Vulnerability

Bludit is an open source, lightweight blog content management system CMS. A file upload vulnerability exists in Bludit version 3.12.0, which originates from a file upload found in the file path bl-plugins backup plugin.php, and can be exploited by an attacker to gain administrator privileges and ...

7.2CVSS7.1AI score0.01102EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/04/27 12:0 a.m.19 views

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues PoC The PoC will be displayed once the...

6.5CVSS6.1AI score0.0056EPSS
Exploits2
NVD
NVD
added 2020/02/21 4:15 p.m.22 views

CVE-2012-0063

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...

8.1CVSS8.3AI score0.02301EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/02/21 4:15 p.m.31 views

CVE-2012-0063

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...

8.1CVSS7.3AI score0.02301EPSS
Exploits0References2
Prion
Prion
added 2020/02/21 4:15 p.m.12 views

Code injection

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...

6.8CVSS8.2AI score0.02301EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/02/21 3:38 p.m.91 views

CVE-2012-0063

The CVE-2012-0063 entry concerns tucan up to version 0.3.10, where an insecure plugin update mechanism can enable remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the user’s privileges. The affected component is the plugin update process; root cause is lack of...

8.1CVSS8.2AI score0.02301EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/08/22 7:15 p.m.13 views

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

7.5CVSS7.1AI score0.02016EPSS
Exploits0References1Affected Software1
Debian
Debian
added 2016/11/24 8:43 p.m.41 views

[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3724-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq -...

9.8CVSS10AI score0.09267EPSS
Exploits3
Rows per page
Query Builder