24 matches found
CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting...
CVE-2022-1593
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads ...
Oracle Linux 6 : openssh (ELSA-2016-0741)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0741 advisory. - CVE-2016-3115: missing sanitisation of input for X11 forwarding 1317817 Tenable has extracted the preceding description block directly from the Oracl...
openssh security update
4.3p2-82.0.2 - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices John Haxby orabug 22985024 - CVE-2016-3115: missing sanitisation of input for X11 forwarding John Haxby orabug 22985024...