2291 matches found
CVE-2024-21990
CVE-2024-21990 concerns ONTAP Select Deploy administration utility, where hard-coded credentials in versions 9.12.1.x, 9.13.1.x and 9.14.1.x may allow an attacker to view Deploy configuration information and modify account credentials. The issue is documented across multiple sources (NetApp advis...
CVE-2024-21989 Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges...
CVE-2024-21989
CVE-2024-21989 affects NetApp ONTAP Select Deploy administration utility (versions 9.12.1.x, 9.13.1.x, 9.14.1.x). A read-only user can escalate privileges due to the vulnerability. Connected advisories confirm affected versions and privilege escalation risk; mitigation guidance varies—PT-Security...
PT-2024-19143 · Netapp · Ontap Select Deploy Administration Utility
Name of the Vulnerable Software and Affected Versions: ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x Description: The issue is related to hard-coded credentials in the affected software, which could allow an attacker to view configuration information and modi...
NetApp ONTAP Select Deploy administration utility Trust Management Issue Vulnerability
NetApp ONTAP Select Deploy administration utility is an administration utility for deploying and managing ONTAP Select clusters from Network Appliance (NetApp), Inc. A security vulnerability exists in NetApp ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x, 9.14.1.x, which...
PT-2024-19141 · Netapp · Ontap Select Deploy Administration Utility
Name of the Vulnerable Software and Affected Versions: ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x Description: The issue allows a read-only user to escalate their privileges when successfully exploited. Recommendations: For versions 9.12.1.x, consider...
CVE-2024-2585
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
AMSS++ Cross-Site Scripting Vulnerability
AMSS++ is a tool for the office management support system of Amssplus. A cross-site scripting vulnerability exists in AMSS++ version 4.31, which stems from a cross-site scripting vulnerability in multiple parameters on the /amssplus/modules/mail/main/selectsend.php page...
AMSS++ SQL Injection Vulnerability
AMSS++ is a tool for the office management support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which stems from an SQL injection vulnerability in the sdindex parameter of the /amssplus/modules/book/main/selectsend2.php page...
PT-2024-21254 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through the /amssplus/modules/book/main/selectsend2.php endpoint, in multiple...
CVE-2024-1409
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...
WordPress Plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Paid Membership Plugin,...
PT-2024-18019 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.15.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...
BIT-MEDIAWIKI-2020-25815
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...
BIT-SQLITE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...
BIT-MYSQL-CLIENT-2021-46663
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements...
BIT-MYSQL-CLIENT-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...
BIT-MARIADB-2021-46663
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements...
BIT-MARIADB-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...