85 matches found
CVE-2024-12843
CVE-2024-12843 affects Emlog Pro up to version 2.4.1. The vulnerability stems from manipulation of the filter parameter in the file /admin/plugin.php , enabling a cross-site scripting (XSS) condition. The issue is exploitable remotely and the exploit has been disclosed publicly. Multiple connecte...
PT-2024-17762 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problem has been found in Emlog Pro that affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be...
CVE-2024-56054 WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.5.2...
FrogCms 安全漏洞
FrogCms is an HTTP server by philippe personal developer. A security vulnerability exists in FrogCms version V0.9.5, which originates from an HTTP server initiated via /admin/? /plugin/filemanager/createdirectory initiated cross-site request forgery...
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...
The vulnerability of the api_pluginhook() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the apipluginhook function in the lib/plugin.php file of the Cacti network monitoring software is related to authentication errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerabilities of the LoadIndexFile() and DownloadIndexFile() functions in the repo package, as well as the LoadDir() function in the plugin package of the Kubernetes Helm package manager, allow a malicious actor to cause service interruptions.
The vulnerability of the LoadIndexFile and DownloadIndexFile functions in the repo package, as well as the LoadDir function in the plugin package of the Kubernetes Helm package manager, is related to the use of uninitialized variables during the processing of index.yaml and plugin.yaml files...
WordPress Plugin File Uploader 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Plugin File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
AZL-34584 CVE-2024-26147 affecting package cert-manager for versions less than 1.12.13-1
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
AZL-34454 CVE-2024-26147 affecting package cert-manager for versions less than 1.11.2-10
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
UBUNTU-CVE-2024-26147
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2024-26147
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
WordPress plugin and WordPress cross-site scripting vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Plugin File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-44974
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CLSA-2023-1695320045 Fix CVE(s): CVE-2023-4736
SECURITY UPDATE: An executable file with some well-known name like zip, gzip, and so on can be started from a current directory during some plugin is opening apropriate file that has a one of the extensions .zip, .gzip, .rb, and etc. This issue is effective only if the PATH environment variable h...
WordPress Plugin File Away 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-0993
The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...
CVE-2023-0993
The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...