PT-2022-7031
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3; WordPress versions 3.7.37 and earlier. Description: The issue is related to improper sanitization in the WP_Query function of the WordPress content management system, which can lead to SQL injection through...
WordPress < 5.8.3 - SQL Injection via WP_Query
Description: Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way...
RiotPot - Resilient IoT And Operational Technology Honeypot
RIoTPot is an interoperable medium-interaction honeypot, primarily focused on the emulation of IoT and OT protocols, although it is also capable of emulating other services. These services are loaded into the honeypot in the form of plugins, making RIoTPot a modular and very portable honeypot. T...
[SECURITY] Fedora 34 Update: mutter-40.7-1.fc34
Mutter is a window and compositing manager that displays and manages your desktop via OpenGL. Mutter combines a sophisticated display engine using the Clutter toolkit with solid window-management logic inherited from the Metacity window manager. While Mutter can be used stand-alone, it is primari...
WordPress Plugin Code Issue Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Directorist plugin has a cross-site request forgery vulnerability, which stems from the fact that the WordPress...
africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +22289 more potentially affected by CVE-2021-45105 via org.apache.logging.log4j:log4j-core (>=2.0 <=2.3)
org.apache.logging.log4j:log4j-core MAVEN version =2.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.0, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
CVE-2021-40883
A Remote Code Execution RCE vulnerability exists in emlog 5.3.1 via content/plugins...
Remote code execution
A Remote Code Execution RCE vulnerability exists in emlog 5.3.1 via content/plugins...
CVE-2021-40883
CVE-2021-40883 affects emlog 5.3.1, with a Remote Code Execution via content/plugins. The root cause is described as failure to properly filter special elements when constructing code segments from external input. The connected documents provide no explicit exploit details, affected versions beyo...
CVE-2021-42547 reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box
Insufficient input validation in the search functionality of the WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42546 Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive
Insufficient input validation in the search functionality of the WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.22.0 <=2.31.0), com.cognifide.aem.bundle:com.cognifide.aem.bundle.gradle.plugin (=12.0.0-beta) +58 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.12.0 <=1.22.9)
org.apache.jackrabbit:oak-core MAVEN version =1.12.0, =2.22.0, =5.0.0, =5.0.0, =5.0.0, =1.5.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5H https://vulners.com/osv/OSV:GHSA-3H6...
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. The goal, they said, is complete site takeover using administrative privileges. The scope of t...
PT-2021-23944 · Unknown +1 · Express-Session +1
Name of the Vulnerable Software and Affected Versions: Etherpad versions prior to 1.8.16 Description: Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the...
Fedora: Security Advisory for mingw-gstreamer1-plugins-good (FEDORA-2021-ed54b1128a)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mingw-gstreamer1-plugins-bad-free (FEDORA-2021-ed54b1128a)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Grafana -- Path Traversal
Grafana Labs reports: Grafana is vulnerable to directory traversal, allowing access to local files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable. The vulnerable URL path is: /public/plugins/ where...
Command injection
Vulnerability in the rand-quote and hitokoto plugins. Description: the rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them, and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
CVE-2021-3727 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in the rand-quote and hitokoto plugins. Description: the rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them, and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...