Lucene search
K

8 matches found

Prion
Prion
added 2023/06/07 2:15 a.m.17 views

Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

5CVSS5.2AI score0.01019EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.31 views

CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

9.1CVSS9.3AI score0.01019EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.5 views

SUSE CVE-2006-6077

The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...

5CVSS8.9AI score0.0196EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.5 views

October CMS 代码代码注入漏洞

October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...

8.8CVSS6AI score0.01336EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.5 views

Liferay Portal 和 Liferay DXP 权限许可和访问控制问题漏洞

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

4.3CVSS5.5AI score0.00904EPSS
Exploits0References2
OSV
OSV
added 2018/04/16 3:29 p.m.5 views

CVE-2018-10133

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...

9.8CVSS5.8AI score0.01422EPSS
Exploits1References1
0day.today
0day.today
added 2010/06/08 12:0 a.m.22 views

CafeEngine CMS V2.3 SQL Injection Vulnerability

Exploit for php platform in category web applications =============================================== CafeEngine CMS V2.3 SQL Injection Vulnerability =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 ...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/03/14 12:24 a.m.3 views

security flaw

The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...

5CVSS7.3AI score0.0196EPSS
Exploits1References4
Rows per page
Query Builder