25 matches found
CVE-2021-24388
In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page,...
CVE-2020-8228
CVE-2020-8228 describes a missing rate limit on the signup page in the Nextcloud Preferred Providers app (version 1.7.0), allowing an attacker to repeatedly set the password. The OpenSUSE security advisory (NC-SA-2020-033) and related OSS notes confirm this CVE and indicate it was addressed in th...
CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
CVE-2013-3253
Cross-site request forgery CSRF vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings...
CVE-2011-4578
event.c in acpid aka acpid2 before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to 1 perform write operations within directories created by a script, or 2 read files created by a script, via standard filesystem system...