PT-2019-6462 · Mikrotik +1
Name of the Vulnerable Software and Affected Versions: MikroTik versions 0.4a mk through 2.0a; MikroTik versions 2.0.0 through 2.5.5. Description: The issue is related to improper certificate validation in the Checkmk Exchange plugin for MikroTik routers, which can allow an attacker to intercept...
WordPress TechyTalk Quick Chat Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. TechyTalk Quick Chat is an online chat plugin used in it. A SQL injection vulnerability exists in the 'likeescape' function of the...
MyBB JN-Jones MyBB-2FA plugin cross-site request forgery vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. The JN-Jones MyBB-2FA plugin is a two-factor authentication plugin used with it. A cross-site...
CloudBees Jenkins Dependency Graph Viewer plugin cross-site scripting vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Dependency Graph Viewer Plugin is used in...
CVE-2019-13414
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontrewidget.php...
WP Like Button <= 1.6.0 - Auth Bypass
Authentication Bypass vulnerability in the WP Like Button Free plugin version 1.6.0 allows unauthenticated attackers to change the settings of the plugin. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any unauthenticate...
WordPress plugin Insert or Embed Articulate Content into WordPress remote code execution vulnerability (CNVD-2019-22391)
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A remote code execution vulnerability exists in the WordPress plugin Insert or Embed...
Micro Deal Factory SQL Injection Vulnerability in Joomla!
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. Micro Deal Factory is a web marketing promotion plug-in used with it. A SQL injection vulnerability exists in Joomla! The vulnerability stems from...
WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A remote code execution vulnerability exists in the WordPress plugin Insert or Embed...
WordPress Contest Gallery Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Contest Gallery plugin is a plugin for uploading and displaying images. A cross-site request forgery vulnerability exists in WordPress...
CloudBees Jenkins ElectricFlow Plugin Cross-Site Scripting Vulnerability (CNVD-2019-22636)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. ElectricFlow Plugin is used in one of the...
WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution
Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: june 2019 Exploit Author: xulchibalraa Vendor Homepage:...
GHSA-HP5R-MHGP-56C9 Cross-site Scripting in JSPWiki
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable...
WordPress ZOHO SalesIQ Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ZOHO SalesIQ is a live chat customer support plugin used in it. A cross-site request forgery vulnerability exists in WordPress ZOHO...
CVE-2019-10078
CVE-2019-10078 affects Apache JSPWiki (versions 2.9.0 through 2.11.0.M3). A carefully crafted plugin link invocation can trigger a cross-site scripting (XSS) vulnerability, leading to possible session hijacking. Multiple plugins were implicated, not just ReferredPagesPlugin, according to initial ...
Cross site scripting
ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...
Design/Logic Flaw
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...
UBUNTU-CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...