22 matches found
EUVD-2021-15591
Malware in sbrugna...
EUVD-2007-1339
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-28940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary...
CVE-2022-41495
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery SSRF via the rssurlnews parameter at /manager/index.php...
Server side request forgery (ssrf)
A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file codo.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The...
PT-2023-25307 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.109 Description: A critical issue was found in DedeCMS, affecting an unknown functionality of the file co do.php. The manipulation of the rssurl argument leads to server-side request forgery. Recommendations: For DedeCMS...
ClipperCMS 代码问题漏洞
ClipperCMS is a content management system CMS from the ClipperCMS team. A security vulnerability exists in ClipperCMS version 1.3.3, which originates from the inclusion of server-side request forgery SSRF via the rssurlnews parameter in /manager/index.php...
CVE-2022-41495
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery SSRF via the rssurlnews parameter at /manager/index.php...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...
Cross site scripting
Multiple stored cross-site scripting XSS in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...
CVE-2018-20172
An issue was discovered in Nagios XI before 5.5.8. The rssurl parameter of rssdashlet/magpierss/scripts/magpieslashbox.php is not filtered, resulting in an XSS vulnerability...
DEBIAN-CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
UBUNTU-CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
CVE-2012-4448
Cross-site request forgery CSRF vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboardincominglinks edit action...
UBUNTU-CVE-2011-0740
Cross-site scripting XSS vulnerability in magpie/scripts/magpieslashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rssurl parameter...