CNVD
added 2022/04/20 12:00 a.m., 18 views

WordPress plugin Fancy Product Designer cross-site request forgery vulnerability

WordPress is a blogging platform written in PHP and maintained by the WordPress Foundation; Fancy Product Designer is a WordPress plugin. A cross-site request forgery (CSRF) vulnerability exists in the Fancy Product Designer plugin, which...

CVSS 8.8 | AI score 1.7 | EPSS 0.0058
Exploits: 0 | References: 1
OSV
added 2022/04/12 12:15 p.m., 18 views

CVE-2022-24248

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root, along with any other file on the server that the PHP process user has the prope...

CVSS 6.5 | AI score 6.9
Exploits: 0 | References: 2
NVD
added 2022/04/12 12:15 p.m., 12 views

CVE-2022-24248

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root, along with any other file on the server that the PHP process user has the prope...

CVSS 8.5 | EPSS 0.20406
Exploits: 1 | References: 2
Prion
added 2022/04/12 12:15 p.m., 11 views

Path traversal

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root, along with any other file on the server that the PHP process user has the prope...

CVSS 8.5 | AI score 6.5 | EPSS 0.20406
Exploits: 1 | References: 2 | Affected Software: 1
CISA KEV Catalog
added 2022/03/28 12:00 a.m., 12 views

SonicWall SMA100 Directory Traversal Vulnerability

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

CVSS 7.5 | AI score 3.3 | EPSS 0.03977
Exploited in the wild | Exploits: 0
Github Security Blog
added 2022/03/17 12:00 a.m., 39 views

Server-Side Request Forgery in FUXA

A Server-Side Request Forgery (SSRF) attack can be carried out against FUXA 1.1.3, allowing an attacker to obtain sensitive information from the server's internal environment and services, and potentially leading to the attacker executing commands on the server...

CVSS 7.5 | AI score 4 | EPSS 0.01431
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2022/03/10 12:00 a.m., 5 views

Security vulnerability in multiple F-Secure products

F-Secure Elements Agent and the other affected products are made by F-Secure (Finland). F-Secure Elements Agent is a cloud-native endpoint protection system. F-Secure MDR is a managed network security service. F-Secure Client Security is a client-side security solution. A...

CVSS 8.5 | AI score 7.4 | EPSS 0.00697
Exploits: 0 | References: 3
CVE
added 2022/03/08 6:25 p.m., 108 views

CVE-2021-41241

CVE-2021-41241 is documented in multiple sources as a permission check flaw in the Nextcloud groupfolders feature. The flaw allows a user to access subfolders of a groupfolder, despite the advanced permissions set on them, by copying the groupfolder to another location. Remediation guidance specifies upgrading ...

CVSS 4.3 | AI score 4.8 | EPSS 0.00817
Exploits: 0 | References: 4 | Affected Software: 1
The Hacker News
added 2022/03/01 2:12 p.m., 74 views

Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99

It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Many of these jobs pay very well, and in most cases you don't even need a college degree to get hired; what matters most is skills and certifications. The All-In-On...

AI score 7.3
Exploits: 0
Prion
added 2022/02/28 9:15 a.m., 17 views

Design/Logic Flaw

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after registration. The user then crops and saves the image, at which point a "POST" request containing the user-supplied name of the image is sent to the server for renaming and cropping of the...

CVSS 3.5 | AI score 4.6 | EPSS 0.03205
Exploits: 5 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/02/21 12:00 a.m., 39 views

Incorrect Default Permissions in Cobbler

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world-readable. Two of those files contain sensitive information that is exposed to any local user with non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

CVSS 7.1 | AI score 1.1 | EPSS 0.00306
Exploits: 0 | References: 12 | Affected Software: 1
CVE
added 2022/02/20 5:56 p.m., 136 views

CVE-2021-45083

CVE-2021-45083 affects Cobbler prior to 3.3.1. Files under /etc/cobbler are world-readable, exposing sensitive data: users.digest holds SHA2-512 password digests that can be cracked offline where passwords are weak, and settings.yaml holds secrets. Local, non-privileged users could read these files to infer crede...

CVSS 7.1 | AI score 6.7 | EPSS 0.00306
Exploits: 0 | References: 6 | Affected Software: 1
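The two Cobbler entries above describe the same defect: configuration files that any local account can read. The Python below is an added example, not Cobbler's own code, of the audit a practitioner would run and the fix they would apply. It works on a constructed temporary directory that stands in for /etc/cobbler (file names are the ones the advisory cites; their contents and the 0644 starting mode are constructed), flags the named sensitive files whose "other" read bit is set, and tightens them to 0640.

```python
import os
import stat
import tempfile
from pathlib import Path

# The two files the advisory names; the audit is filtered by name so it stays focused.
SENSITIVE_NAMES = {"users.digest", "settings.yaml"}


def world_readable(path: Path) -> bool:
    """True if the 'other' read bit is set, i.e. any local account can read the file."""
    return bool(path.stat().st_mode & stat.S_IROTH)


def audit(root: Path) -> dict:
    """Map each sensitive, world-readable file under root to its octal mode."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name in SENSITIVE_NAMES and world_readable(p):
            findings[str(p.relative_to(root))] = oct(stat.S_IMODE(p.stat().st_mode))
    return findings


def harden(root: Path) -> list:
    """Set flagged files to 0640 (owner rw, group r, nothing for others); return what changed."""
    changed = []
    for rel in audit(root):
        os.chmod(root / rel, 0o640)
        changed.append(rel)
    return changed


def demo() -> dict:
    """Constructed stand-in for /etc/cobbler in a temp dir; the real directory is not touched."""
    root = Path(tempfile.mkdtemp())
    (root / "users.digest").write_text("cobbler:Cobbler:0123456789abcdef\n")  # constructed digest line
    (root / "settings.yaml").write_text("default_password_crypted: 'constructed'\n")
    (root / "modules.conf").write_text("[authentication]\nmodule = authentication.configfile\n")
    for name in ("users.digest", "settings.yaml", "modules.conf"):
        os.chmod(root / name, 0o644)  # world-readable, the state the advisory describes
    before = audit(root)
    changed = harden(root)
    after = audit(root)
    return {"before": before, "changed": changed, "after": after}
```

Run audit() against the real /etc/cobbler as root to check a host; harden() is the same chmod the package update performs, so it is only needed where the update cannot be applied.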
Tenable Nessus
added 2022/02/09 12:00 a.m., 37 views

AlmaLinux 8 : mariadb:10.3 (ALSA-2019:3708)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities referenced in the ALSA-2019:3708 advisory: mysql: InnoDB unspecified vulnerability (CPU Jan 2019, CVE-2019-2510); mysql: Server: DDL unspecified vulnerability (CPU Jan 2019, CVE-2019-2537); mysql: Server:...

CVSS 6.5 | AI score 6.4 | EPSS 0.04301
Exploits: 0 | References: 13
Huntr
added 2022/02/08 4:01 a.m., 12 views

Path Traversal in liukuo362573/yishaadmin

Description: https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DownloadFile" that allows downloading and deleting files without authentication. In addition, the endpoint has a path traversal vulnerability that allows arbitrary file read/delete. Proof of Concept - using BurpSui...

AI score 1.1
Exploits: 0
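The RiteCMS, SonicWall SMA100, LearnPress and yishaadmin entries above all involve a file operation driven by a caller-supplied name or path. The Python below is an added example, not code from any of those products, of how to pin such a path under a fixed root before reading or deleting it. It decodes once, rejects absolute paths, NUL bytes and ".." components, then resolves symlinks and checks that the final target is still inside the root. The web-root layout, file names and the PathTraversal exception are constructed for the example.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when a user-supplied path escapes the allowed root."""


def resolve_under_root(root: str, user_path: str) -> Path:
    """Map an untrusted relative path onto a file under `root`, or raise PathTraversal."""
    # Decode exactly once so "%2e%2e%2f" is seen as "../"; looping decodes invites bypasses.
    candidate = unquote(user_path)
    if "\x00" in candidate:
        raise PathTraversal("NUL byte in path")
    # Treat backslashes as separators too; "..\\" is a common traversal variant.
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        raise PathTraversal("absolute path not allowed")
    if any(part == ".." for part in candidate.split("/")):
        raise PathTraversal("parent directory reference")
    root_real = Path(root).resolve()
    target = (root_real / candidate).resolve()  # resolve() follows symlinks
    try:
        target.relative_to(root_real)           # raises if target is outside root
    except ValueError:
        raise PathTraversal(f"{user_path!r} escapes {root}") from None
    return target


def delete_user_file(root: str, user_path: str) -> bool:
    """Delete a file only if it resolves inside root; True when a file was removed."""
    target = resolve_under_root(root, user_path)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Constructed layout: a web root with an upload, and a config file outside it."""
    base = Path(tempfile.mkdtemp())
    webroot = base / "webroot"
    (webroot / "uploads").mkdir(parents=True)
    (webroot / "uploads" / "avatar.png").write_bytes(b"\x89PNG")
    (base / "config.php").write_text("<?php $db_pass = 'constructed';")
    (webroot / "link").symlink_to(base / "config.php")  # symlink pointing out of the root

    results = {}
    for p in ["uploads/avatar.png", "../config.php", "%2e%2e/config.php",
              "..\\config.php", "/etc/passwd", "link", "uploads/../../config.php"]:
        try:
            resolve_under_root(str(webroot), p)
            results[p] = "allowed"
        except PathTraversal:
            results[p] = "blocked"
    results["deleted"] = delete_user_file(str(webroot), "uploads/avatar.png")
    results["config_survives"] = (base / "config.php").exists()
    return results
```

The symlink case is the one string-only filters miss: "link" contains no dots or slashes, yet it resolves outside the root, which is why the check runs on the resolved path rather than the submitted string.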
OSV
added 2022/01/28 8:15 p.m., 1 view

CVE-2021-22821

A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the charging station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to it. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

CVSS 8.6 | AI score 5.8 | EPSS 0.0081
Exploits: 0 | References: 1
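Both the FUXA and the EVlink entries above describe a server that can be made to issue requests to targets chosen by the caller. As an added example, not code from either product, the following Python shows the target check that any fetch-on-behalf-of-the-caller feature needs: a scheme allow-list, screening of literal IPs and of every resolved address against internal ranges, and fail-closed behaviour on anything unresolvable. The FAKE_DNS table, host names and addresses are constructed so the block runs offline; a real deployment would resolve with socket.getaddrinfo and connect to the vetted address rather than the name.

```python
import ipaddress
from urllib.parse import urlsplit


class UnsafeTarget(ValueError):
    """Raised when a caller-supplied URL points somewhere the server must not fetch."""


# Address ranges an outbound request made on a caller's behalf must never reach:
# loopback, RFC 1918 and ULA, link-local (which includes the 169.254.169.254 cloud
# metadata service), CGNAT, multicast/reserved, and IPv4-mapped IPv6.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]

# Constructed resolver so the example runs offline. A real check calls
# socket.getaddrinfo() here and then connects to the vetted address (sending the
# original Host header) so a DNS answer cannot change between check and use.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "intranet.corp": ["10.1.2.3"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],  # one public and one internal answer
}


def is_blocked(ip) -> bool:
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_target(url: str, resolver=FAKE_DNS) -> str:
    """Return the address to connect to, or raise UnsafeTarget."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeTarget(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeTarget("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IPv4/IPv6 (urlsplit strips the brackets)
    except ValueError:
        # Not a standard literal. Shorthand forms such as "127.1" or "2130706433" fall
        # through to the resolver; the real getaddrinfo would expand them to 127.0.0.1
        # and the range check below would still catch them. Unknown names fail closed.
        resolved = resolver.get(host.lower())
        if not resolved:
            raise UnsafeTarget(f"cannot resolve {host!r}")
        addrs = [ipaddress.ip_address(a) for a in resolved]
    for ip in addrs:  # every answer must be safe, not just the first one
        if is_blocked(ip):
            raise UnsafeTarget(f"{host} resolves to {ip}, which is in a blocked range")
    return str(addrs[0])


def check(url: str) -> str:
    """Convenience wrapper returning 'allowed:<ip>' or 'blocked:<reason>'."""
    try:
        return "allowed:" + validate_target(url)
    except UnsafeTarget as exc:
        return "blocked:" + str(exc)
```

Checking every resolved address, and then connecting to the checked address instead of re-resolving the name, is what closes the DNS-rebinding gap that a simple "is the hostname internal?" test leaves open.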
WPVulnDB
added 2022/01/28 12:00 a.m., 29 views

Perfect Brands for WooCommerce < 2.0.5 - Subscriber+ Sensitive Information Disclosure

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated user, such as a subscriber, to retrieve sensitive information about the server...

CVSS 7.5 | AI score 3.8 | EPSS 0.01162
Exploits: 0 | Affected Software: 1
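The Fancy Product Designer and Perfect Brands entries above are both about an action handler that runs without the two checks a privileged AJAX endpoint needs: is this user allowed to do this, and did this user actually intend to? The Python below is an added, framework-free illustration of both checks (WordPress supplies them as capability checks and nonces; this is not either plugin's code). The session store, roles, signing key and the "server info" payload are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed server-side state: the signing key and two logged-in sessions.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {
    "sess-admin": {"user": "alice", "role": "administrator"},
    "sess-sub": {"user": "bob", "role": "subscriber"},
}
ADMIN_ONLY_ACTIONS = {"get_server_info"}


class Forbidden(Exception):
    """Request rejected; the message names the check that failed."""


def issue_csrf_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, so it cannot be replayed elsewhere."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, action: str, token) -> bool:
    # Constant-time comparison; a missing token compares against "" and fails.
    return hmac.compare_digest(issue_csrf_token(session_id, action), token or "")


def handle_ajax(request: dict) -> dict:
    """request = {'session': <cookie value>, 'action': <name>, 'csrf': <token or None>}"""
    session = SESSIONS.get(request.get("session"))
    if session is None:
        raise Forbidden("not logged in")
    action = request.get("action")
    # Authorization first: a subscriber is a genuine logged-in user, so a valid CSRF
    # token alone would not stop them; the role check is what keeps admin data away.
    if action in ADMIN_ONLY_ACTIONS and session["role"] != "administrator":
        raise Forbidden("capability check failed")
    # Then CSRF: a request forged from another origin rides on the victim's cookie but
    # cannot know a token minted for this session and this action.
    if not verify_csrf_token(request["session"], action, request.get("csrf")):
        raise Forbidden("csrf check failed")
    if action == "get_server_info":
        return {"php": "8.1", "db": "mysql", "docroot": "/var/www/html"}  # constructed
    raise Forbidden("unknown action")


def attempt(request: dict) -> str:
    try:
        handle_ajax(request)
        return "ok"
    except Forbidden as exc:
        return str(exc)


def demo() -> dict:
    admin_token = issue_csrf_token("sess-admin", "get_server_info")
    sub_token = issue_csrf_token("sess-sub", "get_server_info")
    return {
        "admin_with_token": attempt({"session": "sess-admin", "action": "get_server_info", "csrf": admin_token}),
        "admin_forged": attempt({"session": "sess-admin", "action": "get_server_info", "csrf": None}),
        "admin_token_other_action": attempt({"session": "sess-admin", "action": "delete_all", "csrf": admin_token}),
        "subscriber_with_token": attempt({"session": "sess-sub", "action": "get_server_info", "csrf": sub_token}),
        "anonymous": attempt({"session": None, "action": "get_server_info", "csrf": admin_token}),
    }
```

The order matters for the advisory's scenario: the subscriber can mint a perfectly valid token for their own session, so only the capability check stops them, while the token is what stops a third-party page from driving the administrator's browser.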
OpenVAS
added 2022/01/28 12:00 a.m., 39 views

Mageia: Security Advisory (MGASA-2019-0181)

The remote host is missing an update announced via the MGASA-2019-0181 advisory...

CVSS 4.9 | AI score 6 | EPSS 0.0301
Exploits: 0 | References: 5
Veracode
added 2022/01/27 3:28 a.m., 12 views

SQL Injection

showdoc/showdoc is vulnerable to SQL injection. showdoc does not properly sanitize the uid parameter, which is user input, allowing a malicious user to inject and execute arbitrary SQL queries on the server...

CVSS 9.8 | AI score 4.3 | EPSS 0.01439
Exploits: 1 | References: 3 | Affected Software: 1
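The showdoc entry above describes the classic shape of the bug: a numeric identifier taken from the request and spliced into SQL text. The Python below is an added example, not showdoc's code, showing the vulnerable pattern next to the parameterised form, run against a constructed in-memory SQLite table. The table, rows and payloads are constructed; the two injection strings show a tautology that widens the WHERE clause and a UNION that reads the schema.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the user table queried by uid."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_info (uid INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO user_info VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.test"),
        (2, "bob", "bob@example.test"),
        (3, "admin", "admin@example.test"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, uid: str) -> list:
    """The flaw pattern: the untrusted uid string becomes part of the SQL text."""
    sql = f"SELECT uid, username, email FROM user_info WHERE uid = {uid}"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, uid: str) -> list:
    """Type-check the input, then bind it as a parameter so it is only ever data."""
    if not uid.isdigit():
        raise ValueError("uid must be a non-negative integer")
    sql = "SELECT uid, username, email FROM user_info WHERE uid = ?"
    return conn.execute(sql, (int(uid),)).fetchall()


def demo() -> dict:
    conn = build_db()
    tautology = "2 OR 1=1"                                    # widens the WHERE to every row
    union = "0 UNION SELECT name, sql, 1 FROM sqlite_master"  # reads the schema via UNION
    out = {
        "vuln_normal": lookup_vulnerable(conn, "2"),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "vuln_union": lookup_vulnerable(conn, union),
        "safe_normal": lookup_safe(conn, "2"),
    }
    for name, payload in (("safe_tautology", tautology), ("safe_union", union)):
        try:
            lookup_safe(conn, payload)
            out[name] = "executed"
        except ValueError:
            out[name] = "rejected"
    return out
```

The isdigit() check is a convenience for a clearer error; the binding is what removes the vulnerability, since a bound value is never parsed as SQL no matter what it contains.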
Mageia
added 2022/01/25 12:13 p.m., 30 views

Updated phpmyadmin packages fix security vulnerability

A flaw was identified in how phpMyAdmin processes two-factor authentication; a user could potentially manipulate their account to bypass two-factor authentication in subsequent authentication sessions (PMASA-2022-1). A series of weaknesses was identified allowing a malicious user to submit maliciou...

CVSS 6.1 | AI score 0.6 | EPSS 0.07965
Exploits: 2 | References: 2
Wallarm Lab
added 2022/01/23 9:29 a.m., 35 views

16 Best DDOS Attack Tools in 2022

What are DDoS attack tools? DDoS attacks are cyber-attacks aimed at rendering particular computers, network systems and servers non-functional. Carrying one out can, however, be complicated: attackers have to perform a long series of actions involving social engineering...

AI score 0.3
Exploits: 0