
1842 matches found

Zero Day Initiative
added 2024/12/06 12:0 a.m., 8 views

Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the WriteDataFile method. The issue results from th...

9.8 CVSS | 7.4 AI score | 0.40814 EPSS
Exploits 0 | References 1

Github Security Blog
added 2024/12/02 5:29 p.m., 13 views

check-jsonschema default caching for remote schemas allows for cache confusion

Impact The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attacker can get a user to run check-jsonschema against a malicious schema URL,...

7.1 CVSS | 6.9 AI score | 0.0004 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2024/12/02 12:0 a.m., 1 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...

8.8 CVSS | 9.1 AI score | 0.01706 EPSS
Exploits 0 | References 3

CNNVD
added 2024/12/02 12:0 a.m., 1 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...

8.8 CVSS | 9.1 AI score | 0.01706 EPSS
Exploits 0 | References 3

CNNVD
added 2024/12/02 12:0 a.m., 1 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...

9.8 CVSS | 9.3 AI score | 0.40814 EPSS
Exploits 0 | References 3

CNNVD
added 2024/12/02 12:0 a.m., 2 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...

8.8 CVSS | 9.1 AI score | 0.01706 EPSS
Exploits 0 | References 3

CNNVD
added 2024/12/02 12:0 a.m., 1 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...

8.8 CVSS | 9.2 AI score | 0.26993 EPSS
Exploits 0 | References 3

Patchstack
added 2024/11/21 11:8 p.m., 3 views

WordPress Pure CSS Circle Progress bar plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Pure CSS Circle Progress Bar versions <= 1.2...

6.4 CVSS | 5.7 AI score | 0.00114 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/11/21 11:15 a.m., 0 views

CVE-2024-11385

The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circleprogress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

5.4 CVSS | 7.4 AI score
Exploits 0 | References 2

NVD
added 2024/11/21 11:15 a.m., 10 views

CVE-2024-11385

The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circleprogress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4 CVSS | 0.00114 EPSS
Exploits 0 | References 2

Cvelist
added 2024/11/21 2:6 a.m., 14 views

CVE-2024-11385 Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circleprogress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4 CVSS | 0.00114 EPSS
Exploits 0 | References 2

Patchstack
added 2024/11/21 12:0 a.m., 11 views

WordPress Pure CSS Circle Progress Bar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Pure CSS Circle Progress Bar; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-11385; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 92b64818bcc8; Credits: SOPROBRO...

6.4 CVSS | 6 AI score | 0.00114 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2024/11/21 12:0 a.m., 2 views

WordPress plugin Pure CSS Circle Progress bar Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

6.4 CVSS | 7.3 AI score | 0.00114 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2024/11/21 12:0 a.m., 7 views

Progress Telerik UI for WinForms < 2024.4.1113 Unsafe Deserialization

The version of Progress Telerik UI for WinForms installed on the remote host is prior to 2024.4.1113. It is, therefore, affected by the following vulnerability: - In Progress Telerik UI for WinForms versions prior to 2024 Q4 2024.4.1113, a code execution attack is possible through an insecure...

7.8 CVSS | 6.3 AI score | 0.00013 EPSS
Exploits 0 | References 2

Cvelist
added 2024/11/19 5:19 p.m., 21 views

CVE-2024-53052 io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze...

0.00007 EPSS
Exploits 0 | References 6

NVD
added 2024/11/19 5:15 p.m., 7 views

CVE-2024-50548

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abdullah Nahian Awesome Progress Bar awesome-progess-bar allows DOM-Based XSS. This issue affects Awesome Progress Bar: from n/a through <= 1.0.13...

6.5 CVSS | 0.00197 EPSS
Exploits 0 | References 1

CVE
added 2024/11/19 4:32 p.m., 40 views

CVE-2024-50548

The CVE CVE-2024-50548 concerns the WordPress plugin Awesome Progress Bar with a Cross-Site Scripting (XSS) flaw in DOM-based handling due to improper input neutralization during page generation. Affected versions are up to 1.0.1. Connected sources corroborate the vulnerability as an XSS issue (P...

6.5 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits 0 | References 1

CNNVD
added 2024/11/19 12:0 a.m., 1 views

WordPress plugin Awesome Progress Bar Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS | 6 AI score | 0.00197 EPSS
Exploits 0 | References 1

CISA KEV Catalog
added 2024/11/18 12:0 a.m., 40 views

Progress Kemp LoadMaster OS Command Injection Vulnerability

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10 CVSS | 7.6 AI score | 0.94298 EPSS
In wild | Exploits 9

Zero Day Initiative
added 2024/11/18 12:0 a.m., 6 views

Progress Software WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of getReport method. The issue results from the lack of...

9.8 CVSS | 6.6 AI score | 0.00203 EPSS
Exploits 0 | References 1