10 matches found

NVD
added 2025/02/20 8:15 a.m. | 10 views

CVE-2024-13155

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | EPSS 0.00132
Exploits: 0 | References: 3
GitLab Advisory Database
added 2024/12/10 12:0 a.m. | 8 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

AI score 7
Exploits: 0 | References: 7 | Affected Software: 1
IBM Security Bulletins
added 2024/01/16 8:21 p.m. | 40 views

Security Bulletin: Vulnerability in ZooKeeper affects IBM Process Mining CVE-2023-44981

Summary There is a vulnerability in ZooKeeper that could allow an attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44981...

CVSS 9.1 | AI score 9.3 | EPSS 0.00025
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/03/23 6:32 a.m. | 45 views

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-11023, CVE-2020-11022

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation o...

CVSS 6.9 | AI score 0.5 | EPSS 0.3466
Exploits: 11 | Affected Software: 1
Qualys Blog
added 2020/09/15 7:55 p.m. | 1457 views

Microsoft Netlogon Vulnerability (CVE-2020-1472 – Zerologon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

Update October 1, 2020: Microsoft has added step-by-step Zerologon patching instructions because the original instructions "proved confusing to users and may have caused issues with other business operations." Update October 1, 2020: Qualys released new QID 91680 to add a remote unauthenticated...

CVSS 9.3 | AI score 0.1 | EPSS 0.9438
Exploits: 75
Palo Alto Networks
added 2019/10/01 7:0 a.m. | 4 views

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00339
Exploits: 0 | References: 1
0day.today
added 2009/06/29 12:0 a.m. | 20 views

osTicket 1.6 RC4 Admin Login Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications. osTicket 1.6 RC4 Admin Login Blind SQL Injection Vulnerability. nGenuity Information Services - Security Advisory...

AI score 7.1
Exploits: 0
Exploit DB
added 2009/06/29 12:0 a.m. | 43 views

osTicket 1.6 RC4 - Admin Login Blind SQL Injection

nGenuity Information Services - Security Advisory. Advisory ID: NGENUITY-2009-007. osTicket Admin Login Blind SQL Injection. Application: osTicket v1.6 RC4. Vendor: osTicket. Vendor website: http://www.osticket.com. Author: Adam Baldwin. I. BACKGROUND "osTicket is a widely-us...

AI score 7.4
Exploits: 0
Atlassian
added 2008/03/17 5:0 a.m. | 26 views

XSS vulnerability in pagepicker.action and spacepagepicker.action

The following URLs are vulnerable: /users/pagepicker.action and /users/spacepagepicker.action, on formname, fieldname and currentspace. Patch instructions for 2.6.x and 2.7.x: 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...

AI score 1.3
Exploits: 0
seebug.org
added 2007/01/10 12:0 a.m. | 17 views

Application Enhancer (APE) 2.0.2 Local Privilege Escalation Exploit

No description provided by source. !/usr/bin/ruby Exploit Of The Apes: A practical pwnage for Application UNEnhancer aka APU c 2006 LMH lmh at info-pull.com and Johnny Pwnerseed. This goes dedicated to macdev. For the childish flaming and great brain lag. Lesson: Don't talk about stuff you have N...

AI score 7.1
Exploits: 0