90 matches found
CVE-2022-1268 Donate Extra <= 2.02 - Reflected Cross-Site Scripting
The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting...
CVE-2022-1465 WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...
Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks PoC As author or above, create/edit a new Tab and put the following payload as its content:...
CVE-2022-0208
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting...
Proxifier for Mac 2.19 - Local Privilege Escalation
With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...
EIN-SOF Solutions Blind SQL Injection
========================================================================= EIN-SOF Solutions BLIND SQL-i Vulnerability ========================================================================== +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+= +=+=+= +=+=+= /\ |...
Joomla Component Jgrid 1.0 Local File Inclusion Vulnerability
No description provided by source. Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability Name Jgrid Vendor http://datagrids.clubsareus.org Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date...
Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injections
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection Name Spielothek Vendor http://www.spielban.de Versions Affected 1.6.9 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-31 X. INDEX I. ABOUT THE...
iScripts ReserveLogic 1.0 SQL Injection
iScripts ReserveLogic 1.0 SQL Injection Vulnerability Name iScripts ReserveLogic Vendor http://www.iscripts.com Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-01-07 X. INDEX I. ABOUT THE...