CVE-2021-36909 WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin versions <= 5.98 allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover...
WordPress Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Plugins, which stems from The AutomatorWP WordPress plugin does no...
Jenkins Security Vulnerability
Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins requests-plugin, which stems from missing privilege checks in Jenkins requests...
jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...
CVE-2020-5968
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial ...
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
389-ds-base: Read permission check bypass via the deref plugin
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...
Jenkins eggPlant Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins eggPlant. Authentication is required to exploit this vulnerability. The specific flaw exists within the eggPlant plugin. The issue results from storing credentials in plaintext. An...
Foxit Reader U3D Parsing Out-of-Bounds Read Vulnerability (CNVD-2018-25215)
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. The u3d plugin is one of its plug-ins for a general 3D graphics format standard. A security vulnerability exists in u3d plugin version 9.3.0.10809 in the FoxitReader.exe file of Foxit Reader version 9.3.0.10826. A remote attacker...
wpForo SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; the platform supports setting up a personal blog site on servers with PHP and MySQL. wpForo is one of its forum plugins. A SQL injection vulnerability exists in WordPress wpForo plugin...
WordPress acurax-social-media-widget plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; the platform supports setting up a personal blog site on servers with PHP and MySQL. acurax-social-media-widget is one of its plug-ins for adding social media links. A cross-site request...
UBUNTU-CVE-2017-3637
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2017-9534
IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426."...
gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...
The vulnerability of the Moodle learning management system allows a hacker to trigger a service failure.
The vulnerability of the filter/mediaplugin/filter.php component of the Moodle learning management system is related to resource management errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to trigger a service failure using a specially crafted string...
flash-plugin: code execution flaw (APSB13-16)
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before...