2426 matches found

OSV
added 2019/08/14 4:15 p.m. | 3 views

CVE-2017-18513

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

CVSS 8.8 | AI score 5.8 | EPSS 0.00649
Exploits: 0 | References: 1

Prion
added 2019/08/14 4:15 p.m. | 19 views

Cross site request forgery (csrf)

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

CVSS 6.8 | AI score 8.7 | EPSS 0.00649
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/08/14 3:31 p.m. | 59 views

CVE-2017-18513

Affected software: WordPress, plugin “responsive-menu” prior to 3.1.4. Root cause: missing CSRF protection in the admin interface. Vulnerability description: CVE-2017-18513 documents a CSRF risk for admin actions in the responsive-menu plugin. Multiple connected sources (Red Hat, CNVD, NVD, PRION...

CVSS 8.8 | AI score 8.8 | EPSS 0.00649
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/14 3:31 p.m. | 19 views

CVE-2017-18513

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

AI score 8.9 | EPSS 0.00649
Exploits: 0 | References: 1

WPVulnDB
added 2019/06/22 12:0 a.m. | 11 views

Photospace Responsive < 1.1.8 - Authenticated XSS

The Photospace Responsive Gallery WordPress plugin was affected by an Authenticated XSS security vulnerability...

AI score 3.1
Exploits: 0 | References: 1 | Affected Software: 1

Fedora
added 2019/06/14 2:17 a.m. | 13 views

[SECURITY] Fedora 29 Update: js-jquery-jstree-3.3.8-1.fc29

jsTree is jquery plugin, that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable, it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...

AI score 0.3
Exploits: 0

Fedora
added 2019/06/14 12:55 a.m. | 18 views

[SECURITY] Fedora 30 Update: js-jquery-jstree-3.3.8-1.fc30

jsTree is jquery plugin, that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable, it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...

AI score 0.3
Exploits: 0

exploitpack
added 2019/05/14 12:0 a.m. | 51 views

Sales ERP 8.1 - Multiple SQL Injection

Sales ERP 8.1 - Multiple SQL Injection. Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

AI score 0.2
Exploits: 0

OpenVAS
added 2019/04/01 12:0 a.m. | 19 views

WordPress Support Plus Responsive Ticket System Plugin < 9.1.2 XSS Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

CVSS 6.1 | AI score 6.4 | EPSS 0.01662
Exploits: 1 | References: 2

Prion
added 2019/03/21 4:1 p.m. | 8 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in...

CVSS 4.3 | AI score 6 | EPSS 0.01662
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2019/03/18 7:42 p.m. | 38 views

CVE-2019-7299

CVE-2019-7299 concerns a stored XSS in the WP Support Plus Responsive Ticket System WordPress plugin, specifically in submit_ticket.php (path: wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php) for version 9.1.1. The vulnerability allows injection of arbi...

CVSS 6.1 | AI score 5.9 | EPSS 0.01662
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2019/02/25 6:29 a.m. | 13 views

CVE-2018-20789

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

OSV
added 2019/02/25 6:29 a.m. | 13 views

CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2019/02/25 6:29 a.m. | 15 views

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 1

CVE
added 2019/02/25 6:0 a.m. | 42 views

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...

CVSS 7.5 | AI score 7.5 | EPSS 0.03463
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/02/25 6:0 a.m. | 42 views

CVE-2018-20791

CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...

CVSS 6.1 | AI score 5.9 | EPSS 0.00815
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/02/25 6:0 a.m. | 42 views

CVE-2018-20795

CVE-2018-20795 affects tecrail Responsive FileManager 9.13.4. The vulnerability is a path traversal in file access that lets remote attackers read arbitrary files via a path parameter. Specifically, the issue is triggered through the copy_cut action in ajax_calls.php and the paste_clipboard actio...

CVSS 7.5 | AI score 7.5 | EPSS 0.03463
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/02/25 6:0 a.m. | 39 views

CVE-2018-20790

The CVE-2018-20790 entry affects tecrail Responsive FileManager 9.13.4. A path traversal vulnerability exists in the delete_file action within execute.php, where a paths[0] traversal mitigation can be bypassed, enabling remote attackers to delete arbitrary files. This is initiated via the delete_...

CVSS 7.5 | AI score 7.6 | EPSS 0.03627
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/02/25 6:0 a.m. | 46 views

CVE-2018-20794

CVE-2018-20794 affects tecrail Responsive FileManager (version 9.13.4). The flaw is a path traversal in the save_img action of ajax_calls.php, enabling remote attackers to write to arbitrary image files (jpg/jpeg/png). The issue originates from how the path parameter is handled, allowing modifica...

CVSS 7.5 | AI score 7.6 | EPSS 0.0399
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/02/25 6:0 a.m. | 50 views

CVE-2018-20793

The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...

CVSS 7.5 | AI score 7.5 | EPSS 0.04988
Exploits: 1 | References: 1 | Affected Software: 1