35 matches found
CVE-2021-24947
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
SUSE CVE-2017-1000037
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
WordPress Plugin RVM cross-site request forgery vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in WordPress RVM, which originates from the rvmuploadfilepath parameter in the produ...
CVE-2021-24947
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
CVE-2021-24947
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
CVE-2021-24947
WordPress RVM – Responsive Vector Maps plugin (versions
PT-2022-9521 · WordPress · Wordpress Rsvp Plugin
Name of the Vulnerable Software and Affected Versions: RVM WordPress plugin versions prior to 6.4.2 Description: The issue concerns a lack of proper authorization, CSRF checks, and validation of the rvm upload regions file path parameter in the rvm import regions AJAX action. This allows any...
WordPress Plugin RVM 代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in WordPress RVM, which originates from the rvmuploadfilepath parameter in the produ...
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server As a subscriber, open...
WordPress RVM – Responsive Vector Maps plugin <= 6.4.1 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by Krzysztof Zając in WordPress RVM – Responsive Vector Maps plugin versions = 6.4.1. Solution Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version at least 6.4.2...
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server PoC As a subscriber, open...
WordPress RVM – Responsive Vector Maps plugin <= 6.4.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered in WordPress RVM – Responsive Vector Maps plugin versions = 6.4.5. Solution Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version at least 6.5.6...
rvm-windows (>=0.0.1 <=1.0.4), simpartic (>=0.1.4 <=0.8.8) +1 more potentially affected by CVE-2021-23416 via curly-bracket-parser (=1.3.5)
curly-bracket-parser NPM version =1.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on curly-bracket-parser and may be impacted: - rvm-windows =0.0.1, =0.1.4, =0.3.0, =0.9.53 Source cves: CVE-2021-23416 Source advisory: SNYK:JS-CURLYBRACKETPARSER-1297...
GitLab: Injection of `http.<url>.*` git config settings leading to SSRF
Summary When import a repo with credentials via a URL, gitaly generates the git clone command with a -c flag to add the Authorization header: https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/service/repository/createfromurl.goL37 go flags = appendflags, git.ValueFlagName: "-c", Value:...
WPScan v2.9.4 - Black Box WordPress Vulnerability Scanner
WPScan is a black box WordPress vulnerability scanner. INSTALL WPScan comes pre-installed on the following Linux distributions: BackBox Linux Kali Linux Pentoo SamuraiWTF BlackArch On macOS WPScan is packaged by Homebrew as wpscan. Windows is not supported We suggest you use the official Docker...
CVE-2017-1000037
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
Command injection
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
CVE-2017-1000037
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
CVE-2017-1000037
CVE-2017-1000037 (RVM) : The connected sources document a code-execution/command-injection vulnerability in the Ruby Version Manager (RVM) where environment variables are automatically loaded from files in the current working directory ($PWD). This behavior allows arbitrary code execution when im...