7696 matches found
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
CVE-2022-2437
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
CVE-2022-2437 Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
WordPress plugin Visualizer Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from a specific flaw in the handling of Annotation objects, and can be exploited by an attacker to execute code in the context of the current process...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader suffers from a Resource Management Error vulnerability that stems from a specific flaw in the handling of Doc objects, which can be exploited by an attacker to execute code in the context of the current process...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader suffers from a resource management error vulnerability that stems from a specific flaw in the handling of Doc objects, which can be exploited by an attacker to execute code in the context of the current process...
SAP Business Objects Data Forgery Issue Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...
CLSA-2022-1657816650 Fixed CVE-2022-29824 in libxml2
CVE-2022-29824: fix integer overflows in xmlBuf and xmlBuffer...
Remote Code Execution (RCE)
activerecord is vulnerable to Remote Code Execution (RCE). Active Record uses YAML.unsafe_load to convert the YAML data into Ruby objects, allowing an attacker who can manipulate data in the database to execute malicious code remotely...
Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...
CVE-2022-32246
SAP Business Objects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...
CVE-2022-31598
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity o...