18 matches found
WordPress plugin Context Blog Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Context Blog. The...
EUVD-2017-8259
Malware in sbrugna...
EUVD-2023-54021
Malicious code in bioql PyPI...
CVE-2024-8853
Vulnerability summary (CVE-2024-8853) The Webo-facto plugin for WordPress is affected in versions up to and including 1.40. The root cause is an insufficient restriction on the doSsoAuthentification function, enabling unauthenticated attackers to escalate privileges by registering with a username...
CVE-2023-49930
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted...
CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...
WordPress Plugin WP Project Manager Permission License and Access Control Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A permission license and...
CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
Design/Logic Flaw
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2023-2833 ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...
CVE-2023-31460
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 8 : java-1.8.0-ibm (RHSA-2019:2590)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2590 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) CVE-2019-2769 libpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function...
RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1811 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes
Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...