2429 matches found
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
CVE-2014-10388
CVE-2014-10388 affects the WordPress plugin wp-support-plus-responsive-ticket-system prior to version 4.2. Multiple connected sources (RH, NVD, CVE lists, WPVulnDB) consistently describe a full path disclosure vulnerability in this plugin, enabling disclosure of server file paths. Public details ...
CVE-2014-10391
The CVE-2014-10391 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System, specifically versions prior to 4.1. The vulnerability is a JavaScript injection (XSS) flaw caused by insufficient validation of client-side data in the plugin. Impact is that an attacker could trigger...
CVE-2017-18513
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
Cross site request forgery (csrf)
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
CVE-2017-18513
Affected software: WordPress, plugin “responsive-menu” prior to 3.1.4. Root cause: missing CSRF protection in the admin interface. Vulnerability description: CVE-2017-18513 documents a CSRF risk for admin actions in the responsive-menu plugin. Multiple connected sources (Red Hat, CNVD, NVD, PRION...
Photospace Responsive < 1.1.8 - Authenticated XSS
The Photospace Responsive Gallery WordPress plugin was affected by an Authenticated XSS security vulnerability...
[SECURITY] Fedora 29 Update: js-jquery-jstree-3.3.8-1.fc29
jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...
[SECURITY] Fedora 30 Update: js-jquery-jstree-3.3.8-1.fc30
jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...
Sales ERP 8.1 - Multiple SQL Injection
Sales ERP 8.1 - Multiple SQL Injection. Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A. Date: 13-05-2019. Exploit Author: Mehmet EMIROGLU. Vendor Homepage:...
WordPress Support Plus Responsive Ticket System Plugin < 9.1.2 XSS Vulnerability
The WordPress plugin...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in...
CVE-2019-7299
CVE-2019-7299 concerns a stored XSS in the WP Support Plus Responsive Ticket System WordPress plugin, specifically in submit_ticket.php (path: wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php) for version 9.1.1. The vulnerability allows injection of arbi...
CVE-2018-20791
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action...
CVE-2018-20792
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the get_file action in ajax_calls.php...
CVE-2018-20789
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php...
CVE-2018-20792
tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...
CVE-2018-20791
CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...
CVE-2018-20790
The CVE-2018-20790 entry affects tecrail Responsive FileManager 9.13.4. A path traversal vulnerability exists in the delete_file action within execute.php, where a paths[0] traversal mitigation can be bypassed, enabling remote attackers to delete arbitrary files. This is initiated via the delete_...