48 matches found
CVE-2026-5984
CVE-2026-5984 affects the D-Link DIR-605L (firmware 2.13B01). The vulnerable component is the POST Request Handler, specifically the function formSetLog in /goform/formSetLog. Manipulating the argument curTime can cause a buffer overflow, enabling a remote attack. Public exploit is referenced, an...
WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...
PT-2025-45404
Name of the Vulnerable Software and Affected Versions Gravity Forms versions up to and including 2.9.20 Description The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the copy post image function. This allows...
EUVD-2023-29868
Malicious code in bioql PyPI...
CVE-2023-25981
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form plugin = 2.8.1 versions...
WordPress plugin Post Form 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Post Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service', 'Description' = %q The vulnerability allows remote unauthenticated attackers to force...
CVE-2024-1158
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...
WordPress Plugin Post Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2024-1170
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...
CVE-2024-1169 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyformsuploadhandledroppedmedia function in all versions up to, and...
PT-2024-17195 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions
Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress versions up to, and including, 2.8.7 Description: The issue is related to a missing capability check on...
rgw: improperly verified POST keys
A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Ceph vulnerability (USN-6613-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6613-1 advisory. Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An uprivileged user could use th...
Logsensor - A Powerful Sensor Tool To Discover Login Panels, And POST Form SQLi Scanning
A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility http, https Login panel scanning are done in multiprocessing so the script is super fast at scanning many urls quick tutorial & screenshots are shown a...
PT-2023-32344 · Unknown · Flusity-Cms
Name of the Vulnerable Software and Affected Versions: flusity CMS affected versions not specified Description: A problematic issue has been found in flusity CMS, affecting the loadPostAddForm function of the file core/tools/posts.php. The manipulation of the edit post id argument leads to...
OESA-2023-1761 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's...
CVE-2023-25981
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form plugin = 2.8.1 versions...
CVE-2023-25981
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form plugin = 2.8.1 versions...