239 matches found
minify:minify-number-fuzzer: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5729119573377024 Project: minify Fuzzing Engine: libFuzzer Fuzz Target: minify-number-fuzzer Job Type: libfuzzerasanminify Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000000772e Crash State: NULL Sanitizer: address ASAN...
minify:minify-json-fuzzer: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=4834688064815104 Project: minify Fuzzing Engine: libFuzzer Fuzz Target: minify-json-fuzzer Job Type: libfuzzerasanminify Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000893987e Crash State: NULL Sanitizer: address ASAN Recommend...
Accelerate SVG Delivery with Ion (A2)
As of March 2020, all Akamai Ion customers will benefit automatically from the more powerful Brotli/Zopfli compression algorithm for delivering their SVG files. The benefit of fewer SVG bytes is a positive impact on your visual performance KPIs First Meaningful Paint, Time to Visually Ready,...
Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete
The plugin relied on the isadmin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery CSRF allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...
WordPress Merge + Minify + Refresh plugin <= 1.10.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by NinTechNet in WordPress Merge + Minify + Refresh plugin versions = 1.10.6. Solution Update the WordPress Merge + Minify + Refresh plugin to the latest available version at least 1.10.7...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
Design/Logic Flaw
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
CVE-2019-19983
The CVE-2019-19983 vulnerability affects the WordPress plugin Fast Velocity Minify (before 2.7.7). The issue arises from the plugin exposing the full web root path of the WordPress installation, enabling an attacker to discover sensitive filesystem information when FVM Debug Mode is enabled and a...
Fast Velocity Minify Full Path Leakage Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site.Fast Velocity Minify is used in which an open source page content fast loading plugin . A security vulnerability exists in...
Fast Velocity Minify < 2.7.7 - Full Path Disclosure
The Fast Velocity Minify WordPress plugin was affected by a Full Path Disclosure security vulnerability...
Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool
Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...
Minify and related plugins DOM-Based XSS Vulnerability
+-------------------------------------------------------------------------------------------+ Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : ay.aboukir at gmail d0t com Software Link :...
Minify 2.1.3 Cross Site Scripting
+-------------------------------------------------------------------------------------------+ Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : Software Link :...
Minify 2.1.x - g Cross-Site Scripting
Minify 2.1.x - g Cross-Site Scripting source: https://www.securityfocus.com/bid/52672/info Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...
Minify 2.1.x - 'g' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52672/info Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
CVE-2011-3812
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files...
Information disclosure
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files...
CVE-2011-3812
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files...