13 matches found
PT-2024-21597 · WordPress · Socialdriver-Framework
Name of the Vulnerable Software and Affected Versions: socialdriver-framework WordPress plugin versions prior to 2024.04.30 Description: The issue concerns the socialdriver-framework WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privileg...
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Multiple inputs in the plugin's settings -- fo...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...
PYSEC-2021-44
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this...
Fedora 31 : firefox (2020-38b5ecdd73)
Added fixes for mozbz1661192, mozbz1640567 Wayland popup issues - Enabled build with PGO ---- - New upstream version 81.0.1 ---- - Disabled OpenH264 download from mozilla - Removed fdk-aac-free dependency ---- - Fixed usage of OpenH264 - Don't download OpenH264 from Cisco but use Fedora packages...
CentOS 7 : 389-ds-base (CESA-2019:1896)
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
UBUNTU-CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101...
Recommended update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...
WordPress ALO EasyMail NewsLetter 2.9.2 Plugin - Cross-Site Request Forgery (Add/Import Arbitrary Su
Exploit for php platform in category web applications Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker...
Fedora 18 : gimp-2.8.10-4.fc18 (2013-22771)
Overview of Changes from GIMP 2.8.8 to GIMP 2.8.10 ================================================== GUI : - Indicate if a file was exported in the Quit dialog - Add shortcuts and hint labels to the close and quit dialogs that make closing and quitting easier and more consistent - Rename the...
CentOS 6 : 389-ds-base (CESA-2013:0628)
Updated 389-ds-base packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Mandriva Update for totem MDVA-2010:126 (totem)
Check for the Version of totem OpenVAS Vulnerability Test Mandriva Update for totem MDVA-2010:126 totem Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Core 10 FEDORA-2009-4083 (epiphany)
The remote host is missing an update to epiphany announced via advisory FEDORA-2009-4083. OpenVAS Vulnerability Test $Id: fcore20094083.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-4083 epiphany Authors: Thomas Reinke Copyright: Copyright (c) 2009...