1207 matches found
MAL-2022-1210 Malicious code in axios-replace (npm)
Source: ghsa-malware (a686c9db8b278dabb3e76765ae41fd7caae4c05302f3ee663c7ff6781c5d4f1f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1472
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...
CVE-2022-1472 Better Find and Replace < 1.3.6 - Admin+ SQLi
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...
WordPress plugin Better Find and Replace SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. Versions of the WordPress Better Find and Replace plugin prior to 1.3.6 contain a SQL injection...
Privilege Escalation via edit response body
Description: Recently, I found a business logic vulnerability, and this vulnerability allows a reader user to perform privilege escalation on an allaccess user. Because before a user performs any function, the client side will perform an OPTIONS request to view the user's permission for the specified function via the response body. I...
Better Find and Replace < 1.3.6 - Admin+ SQLi
The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...
WordPress Domain Replace plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Domain Replace plugin, which stems from the...
CVE-2022-1218
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1218
CVE-2022-1218 affects the WordPress Domain Replace plugin (versions up to 1.3.8). The vulnerability is a reflected Cross-Site Scripting caused by failing to sanitise/escape a parameter before outputting it in an admin-page attribute. Impact is reflected-XSS access via crafted input; PoCs exist in...
CVE-2022-1218 Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Domain Replace cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Domain Replace plugin, which stems from the...
Craft CMS PHP Code Injection Vulnerability
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...
RubyGems security vulnerability
RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from a security vulnerability that stems from an error in yank operations, which allows any RubyGems.org user to delete and replace certain gem...
WordPress Better Find and Replace plugin <= 1.3.4 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered in WordPress Better Find and Replace plugin (versions <= 1.3.4). Solution: Update the WordPress Better Find and Replace plugin to the latest available version (at least 1.3.5)...
WordPress Domain Replace plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Domain Replace plugin (versions <= 1.3.8). Solution: Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full review...
Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=dr-convert&msg=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...
Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=dr-convert=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...
Delta Electronics DIAEnergie security vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. An authorization...
CLSA-2022-1645466687 Fix of CVE: CVE-2021-28153, CVE-2021-3800
CVE-2021-28153: g_file_replace with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink 1939118 - CVE-2021-3800: Possible privilege escalation through pkexec and aliases 1938284...
PT-2022-7246 · Emerson · Emerson Dixell Xweb-500
Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 (affected versions not specified). Description: The issue is related to information disclosure via directory listing, allowing a potential attacker to access all files in remote directories. This is due to a...