1925 matches found
UBUNTU-CVE-2022-21539
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...
Fixed 7 CVEs in vim
CVE-2022-2206: adjust cmdlinerow and msgrow to the value of Rows - CVE-2022-2284: stop visual mode when closing a window - CVE-2022-2285: put a NUL after the typeahead - CVE-2022-2286: check the length of the string - CVE-2022-2287: disallow adding a word with control characters or a trailing...
Angular 跨站脚本漏洞
Angular is a development platform. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. A cross-site scripting vulnerability exists in Angular, which stems from an insecure page cache in Internet Explorer that allows the insertion of textarea...
GSD-2022-1003929 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.246 by commit...
GSD-2022-1003813 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.197 by commit...
GSD-2022-1003656 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.120 by commit...
GSD-2022-1003453 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.45 by commit...
Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fix made in 3.2.46 and 3.2.47 were found to be insufficient As a contributor, create/edit a download and pu...
WordPress WP Simple Adsense Insertion plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...
WordPress plugin WP Simple Adsense Insertion 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
CVE-2022-1695
CVE-2022-1695 affects the WordPress plugin WP Simple Adsense Insertion (before 2.1). The root cause is the absence of CSRF checks on updates to the plugin’s admin page, enabling an attacker to trick a logged-in user into submitting a form that can manipulate ads and inject arbitrary JavaScript. P...
Notionterm - Embed Reverse Shell In Notion Pages
Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...
Alkacon OpenCMS XSS via New User module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
Improper Output Neutralization for Logs in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
GHSA-545F-PGP7-FWJF Log value insertion in craftercms
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator...
Log value insertion in craftercms
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator...
GHSA-7M8V-W6F9-Q2F9 Cross-site Scripting in Jenkins Rebuilder Plugin
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly,...
golang.org/x/net/html NULL Pointer Dereference vulnerability
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...