2426 matches found
CVE-2021-24457
The CVE-2021-24457 entry concerns the WordPress plugin Portfolio Responsive Gallery (versions before 1.1.8). The connected documents confirm a concrete vulnerability: get_portfolios() and get_portfolio_attributes() fail to whitelist/validate the orderby parameter before using it in SQL in get_res...
CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
The get_portfolios and get_portfolio_attributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress plugin Ays- Responsive Slider and Carousel prior t...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Portfolio Responsive Gallery prior to...
MetInfo Cross-Site Request Forgery Vulnerability (CNVD-2022-05449)
MetInfo is a CMS site-building system built on a PHP + MySQL architecture. It is SEO-friendly and full-featured, supports multiple languages and responsive display, and is well suited to building business and corporate websites. MetInfo version 6.1.3 contains a cross-site request forgery...
CVE-2021-25206
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php...
CVE-2021-25206
SourceCodester Responsive Ordering System v1.0 contains an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a file to Product_model.php. The CVE entry CVE-2021-25206 is supported by multiple sources (NVD, Red Hat, CVE list, CNNVD, PRION, etc.). P...
SourceCodester Responsive Ordering System Code Issue Vulnerability
SourceCodester Responsive Ordering System is an online ordering system. A security vulnerability in SourceCodester Responsive Ordering System v 1.0 allows an attacker to execute arbitrary code by uploading a file to Product_model.php...
Accessibility and usability for all in Azure Sentinel
As a father of a child on the Autism spectrum who relies completely on digital media for his learning, I fully appreciate the impact that digital accessibility can have on people with disabilities. Designing with accessibility in mind greatly expands the impact of Microsoft solutions. What many...
AVEVA System Platform Authentication Vulnerability
AVEVA System Platform is an application from the UK-based company AVEVA: a responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. An authentication vulnerability exists in AVEVA System Platform. No details of the vulnerability are currently...
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
The get_portfolios and get_portfolio_attributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to...
CVE-2021-23995
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
DEBIAN-CVE-2021-23995
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Code injection
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...