13 matches found
PT-2025-45180
Name of the Vulnerable Software and Affected Versions: Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7 Description: The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax function. This allows...
PT-2025-32565 · Abb · Abb Aspect
Name of the Vulnerable Software and Affected Versions: ABB Aspect versions prior to 3.08.04-s01 Description: An authorization bypass exists due to a user-controlled key. Recommendations: Update ABB Aspect to version 3.08.04-s01 or later...
PT-2025-10140 · Crates.Io · Resolve
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The software's GitHub repository has been archived with no commits for seven years, and the latest release on crates.io is also seven years old. Recommendations: At the moment, there is no...
CVE-2024-37063
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...
ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...
PT-2021-11666 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8; Confluence Server versions 7.5.0 through 7.10.9 Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars...
XSRF/CSRF vulnerability in phpMyAdmin
PMASA-2018-7 Announcement-ID: PMASA-2018-7 Date: 2018-12-07 Summary: XSRF/CSRF vulnerability in phpMyAdmin Description: By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages,...
HP Integrated Lights-Out (iLO) 4 Multiple Remote Vulnerabilities
HP Integrated Lights-Out (iLO) 4 is prone to multiple remote vulnerabilities.
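OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
OpenSSH 4.6.x and earlier versions allow a local attacker to bypass authentication and gain access because trusted and untrusted X11 cookies are not handled correctly; a local attacker can exploit this weakness to bypass authentication and gain access. UNIX: Upgrade to OpenSSH 4.7 or the latest version of OpenSSH. OpenSSH Homepage: http://www.openssh.com/ . OpenSSH release 4.7: http://www.openssh.com/txt/release-4.7...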
Fedora Core 5 : iscsi-initiator-utils-5.2.0.865-0.0.fc5 (2007-589)
This update to iscsi-initiator-utils is a rebase to the upstream open-iscsi-2.0-865 release. This release includes two security fixes (described here: https://bugzilla.redhat.com/bugzilla/showbug.cgi?id=243719 ), bug fixes and new features. The tools in this release use a different db format...
mod_ssl hook functions format string vulnerability
The remote host is using a vulnerable version of mod_ssl which is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host. Some vendors patched older versions of mod_ssl, so this might b...
Opera skin zip file buffer overflow vulnerability
The remote host is using Opera - an alternative web browser. This version is vulnerable to a security weakness. A problem has been identified in the handling of zipped skin files by Opera. Because of this, it may be possible for an attacker to gain unauthorized access to a system using the...
Bugzilla remote arbitrary command execution
The remote Bugzilla bug tracking system, according to its version number, is vulnerable to arbitrary command execution flaws due to a lack of sanitization of user-supplied data in processbug.cgi.