332 matches found
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
PT-2020-15475 · Smartbear +2 · Readyapi Functional Testing Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.5 and earlier ReadyAPI Functional Testing Plugin versions 1.5 and earlier Jenkins versions prior to 2.236, including 2.235.x LTS Description: The issue concerns the transmission of proje...
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...
Ultimate Membership Pro plugin <= 8.6 - Multiple Critical Vulnerabilities
Multiple Critical Vulnerabilities found by Noman Riffat in Ultimate Membership Pro plugin versions = 8.6. Solution Update the Ultimate Membership Pro plugin to the latest available version at least 8.6.1...
YARASAFE - Automatic Binary Function Similarity Checks with Yara
SAFE is a tool developed to create Binary Functions Embedding developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create your function embedding to use inside yara rules. If you are interested take a look at our research paper:...
CVE-2015-9499
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...
Code injection
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...
Cross site scripting
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS...
CVE-2018-18379
The CVE-2018-18379 entry concerns the Elementor Pro WordPress plugin before version 2.0.10, where the elementor-edit-template class in wp-admin/customize.php enables cross-site scripting due to improper validation of client-side data. The vulnerability affects Elementor Pro on WordPress and is ex...
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
Cross site request forgery (csrf)
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
Defeating Compiler-Level Obfuscations Used in APT10 Malware
Summary The Carbon Black Threat Analysis Unit TAU recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...
WordPress Payment Form for PayPal Pro Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Payment Form for PayPal Pro plugin is used in one of the payment plugin. WordPress Payment Form for PayPal Pro...
Directory traversal
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the 1 ticketcode or 2 email parameter or 3 remote authenticated users to execute arbitrary SQL commands via the filterorder parameter...
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
CVE-2015-4075
CVE-2015-4075 – Joomla! Helpdesk Pro (
CVE-2015-4074
CVE-2015-4074 is a proven Local File Inclusion / path traversal vulnerability in the Joomla! Helpdesk Pro plugin < 1.4.0. The issue allows reading arbitrary files via a .. in the filename parameter of the ticket.download_attachment task. Affected software: Joomla! Helpdesk Pro plugin versions ...
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the 1 ticketcode or 2 email parameter or 3 remote authenticated users to execute arbitrary SQL commands via the filterorder parameter...