1447 matches found
CVE-2017-18586
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...
CVE-2017-18586
CVE-2017-18586 affects the WordPress plugin Insert Pages (pre-3.2.4). The vulnerability is a directory-traversal flaw via custom template paths, allowing access to unintended files. Affected versions are prior to 3.2.4; remediation is to upgrade to 3.2.4 or later (plugin page: insert-pages). If e...
Denial Of Service (DoS)
mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a high privileged attacker to crash the server, or perform unauthorized update, insert or delete...
Authorization Bypass
mysql is vulnerable to authorization bypass. An easily exploitable vulnerability allows a low privileged attacker to perform unauthorized update, insert or delete of data and cause a denial of service condition...
Authorization Bypass
mysql is vulnerable to authorization bypass. An easily exploitable vulnerability allows a high privileged attacker to perform unauthorized update, insert or delete...
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) 300583 - List Manager Dashboard module, (2) 307638 - Campaign Creator module, (3) 316994 - Attributes field, (4) I316995 - Icon Selection module, (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) 300583 - List Manager Dashboard module, (2) 307638 - Campaign Creator module, (3) 316994 - Attributes field, (4) I316995 - Icon Selection module, (5)...
Automattic: Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
Steps: 1. Go to https://app.crowdsignal.com/dashboard and click Create a New Quiz 2. Add Multiple Choice to your page and click image button, upload a photo and click upload. 3. Start the burp suite and click Save button. Look at the request poc1.png and you will see mediacode= parameter. It will...
PostgreSQL 11.x < 11.3 Memory Disclosure Vulnerability - Windows
PostgreSQL is prone to a memory disclosure vulnerability in the partition routing...
Oracle MySQL Server Component Access Control Error Vulnerability (CNVD-2019-26533)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An Access Control Error vulnerability exists in the InnoDB component of the MySQL Server component in Oracle MySQL, version 8.0.16 and earlier. An...
Insert or Embed Articulate Content into WordPress plugin <= 4.2998 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability found in Insert or Embed Articulate Content into WordPress plugin versions <= 4.2998. Solution: Update the Insert or Embed Articulate Content into WordPress plugin to the latest available version (at least 4.2999)...
WordPress plugin Insert or Embed Articulate Content into WordPress remote code execution vulnerability (CNVD-2019-22391)
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A remote code execution vulnerability exists in the WordPress plugin Insert or Embed...
Cross-Site Request Forgery (CSRF)
phpMyAdmin is vulnerable to cross-site request forgery (CSRF). The readCredentials function in the AuthenticationCookie plugin uses $_REQUEST instead of $_POST. This allows an attacker to trick a user and deliver a malicious payload, through statements such as INSERT or DELETE, to the victim...
UBUNTU-CVE-2019-12616
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...
UBUNTU-CVE-2019-12379
An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue...
PT-2019-6460 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.1.5. Description: The issue is related to the con_insert_unipair function in the drivers/tty/vt/consolemap.c component of the Linux kernel, which is associated with incorrect memory deallocation before removing...
Privilege Escalation
PostgreSQL is vulnerable to privilege escalation through INSERT ... ON CONFLICT DO UPDATE commands. A low privileged attacker without full read access but with both INSERT and UPDATE access could read the sensitive information of the table contents...
Authorization Bypass
PostgreSQL is vulnerable to authorization bypass. This is because PostgreSQL fails to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE", certain "INSERT" and limited "UPDATE" privileges to a particula...