8303 matches found
CVE-2022-4166
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...
CVE-2022-4160
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...
CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4157
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4157
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4227
The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site...
CVE-2022-4163
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with ...
CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4150
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
Cross site request forgery (csrf)
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...
AZL-45375 CVE-2021-38561 affecting package containernetworking-plugins for versions less than 1.6.1-4
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
leanote vulnerable to cross-site scripting
A vulnerability, which was classified as problematic, has been found in leanote. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of t...
WordPress Plugins Detected
This is an informational notice that the scanner was able to detect one or more installed WordPress plugins. No source data...
SUSE: Security Advisory (SUSE-SU-2022:4593-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4593-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4593-1 advisory. - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load...
SUSE-SU-2022:4593-1 Security update for cni-plugins
This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...
CVE-2022-32749 Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3...
CVE-2022-4555
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...
CVE-2022-4555
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...