35 matches found
CVE-2025-60189
The vulnerability CVE-2025-60189 affects the WordPress plugin PoloPag – Pix Automático para Woocommerce (wc-polo-payments), with Local File Inclusion due to improper control of filenames for include/require statements. Affected version range is <= 2.0.9. The issue enables PHP Local File Inclus...
EUVD-2020-21054
Malware in sbrugna...
CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
CVE-2020-28656
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...
CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
Hardcoded credentials
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
Hardcoded credentials
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30314
CVE-2022-30314 affects Honeywell Experion PKS Safety Manager 5.02. The vulnerability arises from hard-coded credentials used to access the POLO bootloader, which is exposed via the DCOM-232/485 serial interface used for firmware management. An attacker with physical or gateway-access to the seria...
CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
PT-2022-3178 · Honeywell +1 · Honeywell Experion Pks Safety Manager +1
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS Safety Manager version 5.02 Description: The issue is related to the use of hard-coded credentials in the Honeywell Experion PKS Safety Manager. The affected component is the POLO bootloader. An attacker with access to...
uzsc.nl Cross Site Scripting vulnerability OBB-2292575
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-24415
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the...
CVE-2021-24415
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the...
CVE-2021-24415
CVE-2021-24415 affects the WordPress plugin Polo Video Gallery
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Polo Video Gallery plugin <= 1.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Michał Lipiński in WordPress Polo Video Gallery plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of July 27, 2021 and is not available for download. Reason: Guideline Violation...
Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...
Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...
CVE-2020-28656
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...