Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...

WordPress plugin Snow Monkey Forms 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal

The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary folders...

JVN#01093915: Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L| Base Score: 7.2 CVSS v2|...

WordPress Snow Monkey Forms Plugin <= 5.0.6 is vulnerable to Directory Traversal

Software Snow Monkey Forms Type Plugin Vulnerable versions = 5.0.6 Fixed in 5.0.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE N/A Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID dc1f9c2285d8 Credits Unknown Required privilege...

Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

SUSE CVE-2006-1737

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...

SUSE CVE-2011-0057

Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection...

SUSE CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allow...

SUSE CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

GHSA-HX53-635R-VMV8 Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. Jenkins Chaos Monkey Plugin 0.4.1 requires Overall/Administer permission to...

GHSA-MR75-899X-QCXQ Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to generate load and to generate memory leaks. Jenkins Chaos Monkey Plugin 0.4 requires Overall/Administer permission to generate load and t...

Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. Jenkins Chaos Monkey Plugin 0.4.1 requires Overall/Administer permission to...

Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to generate load and to generate memory leaks. Jenkins Chaos Monkey Plugin 0.4 requires Overall/Administer permission to generate load and t...

GHSA-J6JQ-3Q8P-XGG6 Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...