11 matches found

RedhatCVE
added 2025/02/05 11:41 a.m., 6 views

CVE-2024-7568

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on...

CVSS 9.6, AI score 6, EPSS 0.00432
Exploits: 0, References: 1

CNNVD
added 2023/10/28 12:0 a.m., 0 views

Juzaweb CMS Injection Vulnerability

Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS v.3.4 and earlier versions, which originated from a vulnerability that allows remote attackers to execute arbitrary...

CVSS 7.8, AI score 7.8, EPSS 0.00258
Exploits: 1, References: 2

OSV
added 2022/05/24 5:0 p.m., 7 views

GHSA-2CRC-5VQ6-386R Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code...

CVSS 8.8, AI score 8.9, EPSS 0.01125
Exploits: 0, References: 5

Github Security Blog
added 2022/05/24 5:0 p.m., 15 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code...

CVSS 8.8, AI score 8.1, EPSS 0.01125
Exploits: 0, References: 5, Affected Software: 1

CNNVD
added 2021/07/02 12:0 a.m., 0 views

record-like-deep-assign Code Issue Vulnerability

record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from prototype pollution affecting key functionality within the plugin. No details of the vulnerability are provided at this time...

CVSS 9.8, AI score 5.6, EPSS 0.0053
Exploits: 1, References: 3

Prion
added 2020/03/13 4:15 p.m., 15 views

Information disclosure

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

CVSS 6.5, AI score 6.4, EPSS 0.00461
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2019/11/12 12:0 a.m., 2 views

Magento Code Execution Vulnerability (CNVD-2019-40830)

Magento is an open source PHP e-commerce system from the U.S. company Magento. A code execution vulnerability exists in Magento. An attacker can exploit this vulnerability to execute arbitrary code using plugin functionality related to email templates...

CVSS 8.8, AI score 8.2, EPSS 0.01125
Exploits: 0, References: 1

OSV
added 2017/03/12 1:59 a.m., 16 views

CVE-2017-6816

In WordPress before 4.7.3 wp-admin/plugins.php, unintended files can be deleted by administrators using the plugin deletion functionality...

CVSS 4.9, AI score 6.2
Exploits: 0, References: 7

myhack58
added 2015/05/23 12:0 a.m., 21 views

ElasticSearch local arbitrary file read vulnerability exposed, affecting all versions before 1.4.5 and 1.5.2 - bug warning - the black bar safety net

Recently, exploit-db disclosed a directory traversal (path traversal) flaw in ElasticSearch plug-in functionality that causes a local arbitrary file read vulnerability, affecting all versions before 1.4.5 and 1.5.2. Casually looking up a few on ZoomEye and trying them found vulnerabilities in the ar...

AI score 0.2
Exploits: 0

0day.today
added 2011/09/21 12:0 a.m., 13 views

JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

Exploit for php platform in category web applications. Exploit Title: JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit; Google Dork: "Powered By JAKCMS"; Date: 21/09/2011; Author: EgiX; Software Link: http://www.jakcms.com/; Version: 2.2.5; Tested on: Windows 7 and Debian 6.0.2; <?php /...

AI score 7.1
Exploits: 0

CVE
added 2009/08/10 8:0 p.m., 97 views

CVE-2009-2716

CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...

CVSS 7.5, AI score 7.7, EPSS 0.00302
Exploits: 0, References: 7, Affected Software: 1