
1447 matches found

Cvelist
added 2023/01/16 3:38 p.m. · 12 views

CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

AI score 5.5 · EPSS 0.00252
Exploits 2 · References 1

Positive Technologies
added 2023/01/16 12:0 a.m. · 4 views

PT-2023-14558 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.5 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This ...

CVSS 5.4 · AI score 6.2 · EPSS 0.00252
Exploits 2 · References 6

CNNVD
added 2023/01/16 12:0 a.m. · 3 views

WordPress plugin Insert Pages cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.4 · EPSS 0.00252
Exploits 2 · References 2

NVD
added 2023/01/15 10:15 a.m. · 7 views

CVE-2015-10045

A vulnerability, which was classified as critical, was found in tutrantta projecttodolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...

CVSS 9.8 · AI score 7 · EPSS 0.00297
Exploits 0 · References 3

Prion
added 2023/01/15 10:15 a.m. · 9 views

Sql injection

A vulnerability, which was classified as critical, was found in tutrantta projecttodolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...

CVSS 7.5 · AI score 7.9 · EPSS 0.00297
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/01/15 12:0 a.m. · 2 views

PT-2023-10224 · Unknown · Tutranta Project Todolist

Name of the Vulnerable Software and Affected Versions: tutranta project todolist affected versions not specified Description: A critical issue was found in the tutrantta project todolist, affecting the getAffectedRows/where/insert/update function in the library/Database.php library. This issue...

CVSS 9.8 · AI score 6.5 · EPSS 0.00297
Exploits 0 · References 5

CNNVD
added 2023/01/15 12:0 a.m. · 1 views

project_todolist SQL injection vulnerability

projecttodolist is an application by tutrantta individual developers. A SQL injection vulnerability exists in tutrantta projecttodolist, which originates from the function getAffectedRows/where/insert/update in the library library/Database.php, the operation of which results in SQL injection...

CVSS 9.8 · AI score 6.7 · EPSS 0.00297
Exploits 0 · References 4

Positive Technologies
added 2023/01/11 12:0 a.m. · 7 views

PT-2023-9426 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the nilfs2 component of the Linux kernel. It occurs when nilfs2 reads a corrupted disk image and attempts to read a b-tree node block using an invalid...

CVSS 8.4 · AI score 6.8 · EPSS 0.01107
Exploits 13 · References 1637

Positive Technologies
added 2023/01/07 12:0 a.m. · 1 views

PT-2023-10812

Name of the Vulnerable Software and Affected Versions: roxlukas LMeve versions up to 0.1.58 Description: A critical issue affects the function insert log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Recommendations: For versions up to 0.1.58,...

CVSS 9.8 · AI score 5.8 · EPSS 0.00347
Exploits 0 · References 9

IBM Security Bulletins
added 2023/01/06 6:45 a.m. · 25 views

Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a...

CVSS 5.3 · AI score 5.8 · EPSS 0.00264
Exploits 0 · Affected Software 1

wpexploit
added 2023/01/04 12:0 a.m. · 848 views

Insert Pages < 3.7.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit: inse...

CVSS 5.4 · AI score 0.9 · EPSS 0.00252
Exploits 2

OSV
added 2022/12/25 5:15 a.m. · 2 views

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

CVSS 5.4 · AI score 5.6
Exploits 0 · References 1

OSV
added 2022/12/23 10:15 p.m. · 1 views

CVE-2022-28228

Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash...

CVSS 9.1 · AI score 5.8 · EPSS 0.00504
Exploits 0 · References 1

NVD
added 2022/12/23 10:15 p.m. · 12 views

CVE-2022-28228

Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash...

CVSS 9.1 · EPSS 0.00504
Exploits 0 · References 1

Prion
added 2022/12/23 10:15 p.m. · 22 views

Design/Logic Flaw

Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash...

CVSS 6.4 · AI score 8.7 · EPSS 0.00504
Exploits 0 · References 1 · Affected Software 1

wpexploit
added 2022/12/23 12:0 a.m. · 131 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Install the plugin and go to:...

CVSS 4.8 · AI score 0.6 · EPSS 0.00298
Exploits 2

Positive Technologies
added 2022/12/23 12:0 a.m. · 2 views

PT-2022-18889 · Unknown · Ydb Server

Name of the Vulnerable Software and Affected Versions: YDB server affected versions not specified Description: An out-of-bounds read was discovered in the YDB server, allowing an attacker to construct a query with an insert statement to read sensitive information from other memory locations or...

CVSS 9.1 · AI score 8.9 · EPSS 0.00504
Exploits 0 · References 4

Cvelist
added 2022/12/23 12:0 a.m. · 13 views

CVE-2022-28228

Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash...

AI score 9 · EPSS 0.00504
Exploits 0 · References 1

CNNVD
added 2022/12/23 12:0 a.m. · 1 views

YDB buffer error vulnerability

YDB is an open source distributed SQL database from YDB Platform Open Source. YDB has a security vulnerability that stems from the fact that an attacker can construct a query using an insert statement to achieve an out-of-bounds read resulting in reading sensitive information from other memory...

CVSS 9.1 · AI score 8.3 · EPSS 0.00504
Exploits 0 · References 2

IBM Security Bulletins
added 2022/12/15 9:10 a.m. · 38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of...

CVSS 5.3 · AI score 5.8 · EPSS 0.00264
Exploits 0 · Affected Software 1