eCart Multi Vendor eCommerce System 1.x Insecure Settings

==================================================================================================================================== | Title : eCart – Multi Vendor eCommerce System 1.x Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

Code injection

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVE-2022-4022

The CVE-2022-4022 entry concerns the WordPress SVG Support plugin (versions 2.5–2.5.1). The root cause is insecure default settings that do not sanitize SVG files containing JavaScript, permitting authenticated users with author-level privileges or higher to upload malicious SVGs that can be embe...

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

WordPress plugin WP Total Hacks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in the Smooth Scroll Page...

CVE-2017-18706

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62...

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

Apache Tomcat 8.5.5 < 8.5.32 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.32. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.32security-8 advisory. - If an async request was completed by the application at the same time as the container triggered the...

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

CVE-2017-12363

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the...

SAP GUI for Java - insecure default settings

Application: SAP GUI for Java Versions Affected: SAP GUI for Java 7.40 Vendor URL: SAP Bug: Insecure default settings Reported: 15.12.2016 Vendor response: 16.12.2016 Date of Public Advisory: 09.05.2017 Reference: SAP Security Note 2448972 Authors: Dmitry Yudin ERPScan, Vahagn Vardanyan ERPScan,...

phpinfo

This plugin searches for the PHP Info file in all the directories and subdirectories that are sent as input and if it finds it will try to determine the version of the PHP. The PHP Info file holds information about the PHP and the system version, environment, modules, extensions, compilation...

Debian Security Advisory DSA 2198-1 (tex-common)

The remote host is missing an update to tex-common announced via advisory DSA 2198-1. OpenVAS Vulnerability Test $Id: deb21981.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2198-1 tex-common Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1581 / 1588 / 1591)

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.39 fixing various bugs and security issues. The following security issues have been fixed : - A race condition during pipe open could be used by local attackers to cause a denial of service. Due to mmapminaddr protection enabled by default...

CVE-2007-6723

TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file config.txt or config that contains insecure 1 enable-remote-toggle and 2 enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration...