Lucene search

1187 matches found

OSV
added 2022/03/07 9:15 a.m. | 1 views

CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
CNVD
added 2022/02/13 12:0 a.m. | 23 views

Huawei Emui Out-of-Bounds Access Vulnerability

Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. An out-of-bounds access vulnerability exists in Huawei EMUI version 12.0.0, which stems from the system's lax input parameter validation in the audio component. An attacker can exploit the vulnerabilit...

9.8 CVSS | 9.4 AI score | 0.00242 EPSS
Exploits: 0 | References: 1
VulnCheck KEV
added 2022/02/01 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

9.8 CVSS | 7.3 AI score | 0.81347 EPSS
Exploits: 8 | References: 1
OpenVAS
added 2022/01/28 12:0 a.m. | 20 views

Mageia: Security Advisory (MGASA-2018-0207)

The remote host is missing an update for the...

9.8 CVSS | 8.6 AI score | 0.55641 EPSS
Exploits: 3 | References: 4
Github Security Blog
added 2022/01/27 3:23 p.m. | 29 views

Authentication Bypass in ADOdb/ADOdb

Impact: An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...

9.1 CVSS | 8.7 AI score | 0.00274 EPSS
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2022/01/24 8:15 a.m. | 0 views

CVE-2021-24865

The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue...

7.2 CVSS | 7.1 AI score
Exploits: 0 | References: 2
Veracode
added 2022/01/24 3:48 a.m. | 11 views

Denial Of Service (DoS)

sidekiq is vulnerable to denial of service. The library does not properly validate the days parameter when requesting stats for the graph, allowing an attacker to cause an application crash...

7.5 CVSS | 3.6 AI score | 0.00749 EPSS
Exploits: 1 | References: 6 | Affected Software: 3
WPVulnDB
added 2022/01/06 12:0 a.m. | 14 views

RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. PoC: As a subscriber, open...

6.5 CVSS | 1.5 AI score | 0.10223 EPSS
Exploits: 2 | Affected Software: 1
Prion
added 2021/12/22 7:15 p.m. | 7 views

Directory traversal

Specially-crafted command line arguments can lead to arbitrary file deletion. The handledelete function does not attempt to sanitize or otherwise validate the contents of the file parameter passed to the function as argv1, allowing an authenticated attacker to supply directory traversal primitive...

5.5 CVSS | 7 AI score | 0.01485 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
BDU FSTEC
added 2021/12/17 12:0 a.m. | 0 views

The vulnerability of the activation function for software-based web conference solutions like Cisco Webex Meetings allows a perpetrator to send an email with an activation link that points to any domain.

The vulnerability of the software activation function for Cisco WebEx Meetings involves insufficient checking of parameters provided by users. Exploiting this vulnerability allows a malicious actor to send an email with an activation link to any domain...

5.3 CVSS | 0.00085 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/12/07 12:0 a.m. | 2 views

Admidio Cross-Site Scripting Vulnerability

Admidio is an open source membership management system from the Admidio team. The system supports member list, event management, guestbook, photo album and downloads. A cross-site scripting vulnerability exists in versions of Admidio prior to 4.0.12, which stems from redirect.php failing to proper...

8.8 CVSS | 5.2 AI score | 0.70928 EPSS
Exploits: 0 | References: 6
CNNVD
added 2021/12/06 12:0 a.m. | 1 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...

6.1 CVSS | 5.6 AI score | 0.0021 EPSS
Exploits: 2 | References: 1
NVD
added 2021/11/30 7:15 p.m. | 16 views

CVE-2020-7880

The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...

9.3 CVSS | 0.00734 EPSS
Exploits: 0 | References: 1
OSV
added 2021/11/30 7:15 p.m. | 2 views

CVE-2020-7880

The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...

8.8 CVSS | 7.4 AI score
Exploits: 0 | References: 1
Prion
added 2021/11/30 7:15 p.m. | 12 views

Design/Logic Flaw

The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...

9.3 CVSS | 8.6 AI score | 0.00734 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/11/30 12:0 a.m. | 3 views

NeoRS RS10 Input Validation Error Vulnerability

Douzone Bizon NeoRs is a remote support service from Douzone Bizon in Korea. A remote PC can be accessed and controlled anytime, anywhere through the remote support site. A security vulnerability exists in NeoRS RS10 version, which stems from improper validation of the parameters of the StartNeoRS...

9.3 CVSS | 8.1 AI score | 0.00734 EPSS
Exploits: 0 | References: 2
WPVulnDB
added 2021/11/29 12:0 a.m. | 10 views

Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection

The plugin does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue. PoC: error-based SQLI: orderby=id AND EXTRACTVALUE4795,CONCAT0x5c,0x717a627871,SELECT ELT4795=4795,1,0x7176707071 time-bas...

7.2 CVSS | 0.8 AI score | 0.00896 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
CNNVD
added 2021/11/17 12:0 a.m. | 3 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Contact Form Email, which stems from...

4.8 CVSS | 4.9 AI score | 0.00445 EPSS
Exploits: 0 | References: 3
OSV
added 2021/11/15 4:15 p.m. | 1 views

CVE-2020-12929

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...

7.8 CVSS | 7.6 AI score | 0.00047 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/11/01 12:0 a.m. | 17 views

Huawei Emui and Magic UI parameter validation vulnerability

Huawei Emui is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. Huawei Emui and Magic UI have security vulnerabilities that can be exploited by attackers to compromise service integrity...

7.5 CVSS | 7.7 AI score | 0.00113 EPSS
Exploits: 0 | References: 1