Don8 <= 0.4 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

Call Now Accessibility Button < 1.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CLSA-2023-1685631809 git: Fix of 2 CVEs

CVE-2022-24765: fix safe.directory key not being checked in setup.c - CVE-2022-29178: avoid failing dir ownership check - some unstable tests were disabled...

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246 RocketMQ Remote Code Execution Exploit CVE-2023...

CLSA-2023-1685629885 git: Fix of 2 CVEs

CVE-2022-24765: fix safe.directory key not being checked in setup.c - CVE-2022-29178: avoid failing dir ownership check - some unstable tests were disabled...

Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles

The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

PUB-A-246542917

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-2113

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...

Design/Logic Flaw

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...

Path traversal

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

CVE-2023-32315 Openfire administration console authentication bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

CVE-2023-32315 Openfire administration console authentication bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

Ignite Realtime Openfire 路径遍历漏洞

Ignite Realtime Openfire is Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server . It is able to build efficient instant messaging server , and supports tens of thousand...

Openfire administration console authentication bypass

[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...

SUSE-SU-2023:2294-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing bsc1209096. Non-security fixes: - Fixed transactional...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the ksmbd module in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the SMB2SESSIONSETUP command...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...