8298 matches found
CVE-2022-2594
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced i...
Classima < 2.1.11 - Reflected Cross-Site Scripting
The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock The XSS will be triggered when the us...
Malicious code in gulp-lpoada-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 530fe83bcfab48f3befbe4c33fcdbaaf1ea0eb6f27cd220d060424e3e5b62b5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3514 Malicious code in gulplosdplucgins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c22d26a691d5c655c5c62f10f64ae9700bc4eba743e44b7e883f8f281a978f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2022-2269)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : gstreamer1-plugins-good (EulerOS-SA-2022-2269)
According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing...
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...
GLSA-202208-31 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-31 GStreamer, GStreamer Plugins: Multiple Vulnerabilities - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashe...
GHSA-78F9-745F-278P Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Impact A partial Directory Traversal Vulnerability found in apoc.log.stream function of apoc plugins in Neo4j Graph database. This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example,...
Debian: Security Advisory (DSA-5204-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Zimbra 安全漏洞
Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...
Zimbra zmslapd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...
Debian DSA-5204-1 : gst-plugins-good1.0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5204 advisory. Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins to demux Mastroska and AVI files which could result in denial of service or the execution ...
Debian: Security Advisory (DLA-3069-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
alsa-plugins bug fix and enhancement update
An update is available for alsa-plugins. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The alsa-plugins packages contain alsa library extensions for the Advanc...
[SECURITY] Fedora 35 Update: dovecot-2.3.19.1-3.fc35
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...
Ubuntu: Security Advisory (USN-5555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-5204-1 gst-plugins-good1.0 - security update
Bulletin has no description...
DLA-3069-1 gst-plugins-good1.0 - security update
Bulletin has no description...