83 matches found
CVE-2024-57980
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path. If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree call in...
IS_Projecto2 SQL Injection Vulnerability
IS_Projecto2 is an application by Ricardo Simões Personal Developer. IS_Projecto2 suffers from a SQL injection vulnerability that stems from a misuse of the parameter date resulting in SQL injection...
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability
Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload. I. VULNERABILITY: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE; II. CVE REFERENCE...
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
I. VULNERABILITY: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE; II. CVE REFERENCE: CVE-2021-40845; III. VENDOR: https://www.zenitel.com/; IV. DESCRIPTION: The web part of Zenitel...
ricardoazziz.com Cross Site Scripting vulnerability OBB-1496902
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ricardoceppi.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1177386. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
WordPress Resim ara 1.0 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Resim ara 1.0. Resim ara is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Resim Ara plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ricardo Sanchez in WordPress Resim Ara plugin versions <= 1.0. Solution: This plugin has been closed as of January 17, 2020 and is not available for download. Reason: Security Issue...
Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password. Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities I. VULNERABILITY...
WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Human Presence plugin versions <= 2.0.8. Solution: 11 September 2019 - we were unable to find a patched version of this plugin...
WordPress Qwizcards plugin <= 3.36 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Qwizcards plugin versions <= 3.36. Solution: 10 September 2019 - we were unable to find a patched version of this plugin...
WordPress ECPay Logistics for WooCommerce plugin <= 1.2.181030 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress ECPay Logistics for WooCommerce plugin versions <= 1.2.181030. Solution: 06 Sep 2019 - we were unable to find a patched version of this plugin. Deactivate and uninstall...
WordPress API Bearer Auth plugin <= 20181229 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress API Bearer Auth plugin versions <= 20181229. Solution: 06 Sep 2019 - we were unable to find a patched version of this plugin. Deactivate and uninstall...
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Spryng payments woocommerce 1.6.7. Spryng payments woocommerce is prone to a reflected...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected...
WordPress API Bearer Auth 20181229 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. WordPress API Bearer Auth 20181229 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Api bearer auth 20181229. Api bearer auth is prone to a reflected cross-site scripting vulnerability...
WordPress Spryng Payments for WooCommerce plugin <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Spryng Payments for WooCommerce plugin versions <= 1.6.7. Solution: 8 Sep 2019 - we were unable to find a patched version of this plugin...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execut...
WordPress Propertyhive 1.4.14 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Propertyhive 1.4.14. Propertyhive is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in...
WordPress MQ ReLinks 1.8 XSS / Open Redirection
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: MQ ReLinks 1.8. MQ ReLinks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...