1207 matches found
CVE-2022-46850 WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion
Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions...
WordPress plugin Easy Media Replace security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-15075 · WordPress · Easy Media Replace
Name of the Vulnerable Software and Affected Versions: Easy Media Replace plugin versions prior to 0.1.4. Description: The issue is related to Broken Access Control, allowing Arbitrary File Deletion. Recommendations: For Easy Media Replace plugin versions prior to 0.1.4, update to version 0.1.4 or...
CVE-2023-34475
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service...
Barracuda Networks Releases Update to Address ESG Vulnerability
Barracuda Networks has released an update to their advisory addressing a vulnerability (CVE-2023-2868) in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately. CISA urges organizations to review the Barracuda...
SUSE CVE-2023-34475
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service...
CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...
PT-2023-16183 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder WordPress plugin versions prior to 3.12.2. Description: The issue arises from improper sanitization and escaping of the Replace URL parameter in the Tools module, which is used in a SQL statement. This leads to a SQL...
WordPress plugin Elementor Website Builder SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
Software: Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-28782; Patch priority: High; CVSS severity: High (8.3); PSID: 97930c86f0b1; Credits: Rafie Muhammad Patchstack; Required privile...
kernel: md: Replace snprintf with scnprintf
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
FreeBSD : Gitlab -- Vulnerability (4a08a4fb-f152-11ed-9c88-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a08a4fb-f152-11ed-9c88-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7,...
CVE-2023-2181
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...
UBUNTU-CVE-2023-2181
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...
PT-2023-18345 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 15.9.8; GitLab versions 15.10.0 through 15.10.7; GitLab versions 15.11.0 through 15.11.3. Description: A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would...
CVE-2023-2181
GitLab vulnerability CVE-2023-2181 affects all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. An attacker could abuse the git feature refs/replace to smuggle content into a merge request, which would not be visible during UI review. This is caused by improper handling...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab versions prior to 15.9.8, 15.10.0...
CVE-2023-2181
Removed by vendor...
Gitlab -- Vulnerability
Gitlab reports: Smuggling code changes via merge requests with refs/replace...