PT-2023-25101 · Sourcecodester · Sourcecodester Shopping Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Shopping Website version 1.0 Description: A critical issue has been found in the file insert-product.php, allowing for unrestricted upload. This can be exploited remotely. The issue has been publicly disclosed and may be used f...
CVE-2020-18418
A cross-site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert...
PT-2023-11502 · Feifeicms · Feifeicms
Name of the Vulnerable Software and Affected Versions: FeiFeiCMS version 4.1.190209 Description: A cross-site request forgery (CSRF) issue was discovered, allowing attackers to create administrator accounts via the "/index.php?s=Admin-Admin-Insert" endpoint. This enables unauthorized access to the...
PT-2023-24192 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton affected versions not specified Description: BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions, a Server-Side Request Forgery (SSRF) vulnerability exists. Th...
All In One Redirection < 2.2.0 - Admin+ SQLi
The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. When adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...
WordPress Plugin WP Directory Kit Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Security Bulletin: IBM Sterling Partner Engagement Manager vulnerable to multiple issues due to IBM Java SE
Summary: IBM Java is used by IBM Sterling Partner Engagement Manager. IBM Partner Engagement Manager has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending...
Glitter Unicorn Wallpaper Security Vulnerability
Glitter unicorn wallpaper is a wallpaper application. A security vulnerability exists in Glitter Unicorn Wallpaper versions 7.0 through 8.0, which stems from a vulnerability that allows an unauthorized application to actively request permissions to insert data into a database, which could allow a...
CVE-2022-47028
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitrary data injection to function insert...
PT-2023-15137 · Unknown · Action Launcher
Name of the Vulnerable Software and Affected Versions: Action Launcher for Android version 50.5 Description: An issue in Action Launcher for Android allows an attacker to cause a denial of service via arbitrary data injection to the insert function. Recommendations: For Action Launcher for Androi...
CVE-2023-26818
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag...
PT-2024-11839 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the netfilter conntrack module. The issue occurs when nf_conntrack_hash_check_insert fails in nf_ct_ext_valid_pre/post,...
CVE-2023-25461
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions...
CVE-2023-25461 WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions...
CVE-2023-25461
CVE-2023-25461 affects namithjawahar Wp-Insert plugin
WordPress plugin Wp-Insert Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-20079 · WordPress · Wp-Insert
Name of the Vulnerable Software and Affected Versions: namithjawahar Wp-Insert plugin versions <= 2.5.0 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For versions <= 2.5.0, update to a versi...
CVE-2023-21992
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
Oracle Financial Services Applications Security Vulnerability
Oracle Financial Services Applications is a suite of financial services software from Oracle USA. The product includes core banking, online banking and estate management. A security vulnerability exists in Oracle Banking Payments version 14.5, version 14.6, and version 14.7 of Oracle Financial...