WordPress Download Plugins and Themes in ZIP from Dashboard plugin <= 1.9.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Download Plugins and Themes from Dashboard versions <= 1.9.1...
CVE-2023-37154
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS. This has been categorized both as fixed in e8810de, and as intended behavior...
UBUNTU-CVE-2023-37154
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS. This has been categorized both as fixed in e8810de, and as intended behavior...
RHSA-2024:7818 Red Hat Security Advisory: containernetworking-plugins security update
Bulletin has no description...
RHSA-2024:7792 Red Hat Security Advisory: containernetworking-plugins security update
Bulletin has no description...
[SECURITY] Fedora 41 Update: perl-App-cpanminus-1.7047-5.fc41
Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM...
Syracom Secure Login Security Vulnerability
Syracom Secure Login is a secure login plugin from Syracom. A security vulnerability exists in Syracom Secure Login that allows a secondary authentication PIN to be brute-forced via the plugins/servlet/twofactor/public/pinvalidation endpoint...
Nagios Plugins Security Vulnerability
Nagios Plugins is an open source plugin from the Nagios Plugins Project. A security vulnerability exists in Nagios Plugins version 2.4.5 that originates from allowing arbitrary commands to be executed via ProxyCommand, LocalCommand, and PermitLocalCommand...
CentOS 7 : containernetworking-plugins (RHSA-2020:0406)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0406 advisory. - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2551)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2577)
The remote host is missing an update for the Huawei EulerOS...
CentOS 7 : containernetworking-plugins (RHSA-2020:2684)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2684 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to...
CentOS 7 : libreoffice (RHSA-2024:3304)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3304 advisory. - Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer...
Command Injection
@saltcorn/plugins-loader is vulnerable to command injection. The vulnerability is due to the lack of input validation on the user-controlled value req.body.name, which allows users with admin permissions to manipulate the input by adding escaping characters, thereby executing arbitrary commands when th...
RHEL 9 : containernetworking-plugins (RHSA-2024:7792)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:7792 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Lin...
RHEL 9 : containernetworking-plugins (RHSA-2024:7818)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:7818 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Lin...
GHSA-V66G-P9X6-V98P PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Summary: One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected, leading to formula injection. Details: The following code in 45Quadraticequationsolver.php concatenates the user supplied...
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Summary: One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected, leading to formula injection. Details: The following code in 45Quadraticequationsolver.php concatenates the user supplied...