3094 matches found
CVE-2022-1689
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...
CVE-2022-1690
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...
CVE-2022-1688
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections...
SQL injection
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections...
WordPress plugin Note Press SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Note Press 0.1.10 and earlier versions are vulnerable to SQL injection, which stems...
WordPress plugin Note Press SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Note Press plugin 0.1.10 and earlier versions are vulnerable to SQL injection, which stems...
WordPress plugin Note Press SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. FormCraft is one of the form creation plugins used in it. WordPress plugin is an application plugin. WordPress Note Press plugin 0.1.10 and earlier...
Redmi Note 11 and Redmi Note 9T buffer error vulnerability
Xiaomi Redmi Note 11 and Redmi Note 9T are both smartphones from Chinese company Xiaomi. The Redmi Note 11 and Redmi Note 9T suffer from a security vulnerability that stems from a stack overflow. An attacker can exploit the vulnerability to conduct a denial of service attack...
CVE-2022-29620
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability...
CVE-2022-31485 Unauthenticated homepage note modification
An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-1690
The CVE-2022-1690 issue affects the WordPress plugin Note Press (versions up to 0.1.10). The underlying vulnerability is an SQL injection in admin bulk actions caused by failing to sanitize/escape IDs before embedding them in a SQL statement. Impact described across multiple sources indicates an ...
CVE-2022-1690 Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...
CVE-2022-1689 Note Press <= 0.1.10 - Admin+ SQLi via Update
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...
CVE-2022-1689
The CVE-2022-1689 entry concerns the WordPress Note Press plugin (versions
CVE-2022-1688
The Note Press WordPress plugin (versions
CVE-2022-1688 Note Press <= 0.1.10 - Admin+ SQLi via id
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections...
AZL-9890 CVE-2022-27781 affecting package curl for versions less than 7.83.1-1
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information...