27 matches found
SmartSoft SmartFTP Client security vulnerabilities
SmartSoft SmartFTP Client is a file transfer software client developed by SmartSoft Corporation. Version 10.0.2909.0 of SmartSoft SmartFTP Client contains security vulnerabilities. These vulnerabilities stem from multiple denial-of-service vulnerabilities, which may lead to the application crashi...
EUVD-2010-3099
Malware in sbrugna...
EUVD-2022-25184
Malicious code in bioql PyPI...
EUVD-2023-41193
Malicious code in bioql PyPI...
CVE-2010-3099
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a ".." dot dot backslash in a filename. NOTE: some of these details are obtained from third party informatio...
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
CVE-2023-37286
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...
CVE-2023-37286
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...
CVE-2023-37286
SmartSoft SmartBPM.NET is affected by a vulnerability due to a hard-coded machine key. An unauthenticated remote attacker could use the machine key to send a serialized payload to the server, potentially achieving arbitrary code execution and disrupting service. CVSS 3.1 base score 9.8 (CRITICAL)...
SmartSoft SmartBPM.NET 信任管理问题漏洞
SmartSoft SmartBPM.NET is an enterprise process management platform from China-based SmartSoft Technologies SmartSoft. A trust management issue vulnerability exists in SmartSoft SmartBPM.NET that stems from the use of hard-coded authentication keys...
SmartSoft SmartBPM.NET 路径遍历漏洞
SmartSoft SmartBPM.NET is an enterprise process management platform from China-based SmartSoft. A security vulnerability exists in SmartSoft SmartBPM.NET, which is caused by a path traversal vulnerability in the file download function...
PT-2023-25883 · Smartisoft · Smartbpm.Net
Name of the Vulnerable Software and Affected Versions: SmartSoft SmartBPM.NET affected versions not specified Description: The issue is related to the use of a hard-coded machine key in SmartSoft SmartBPM.NET. This allows an unauthenticated remote attacker to send a serialized payload to the...
SmartSoft SmartBPM.NET 信任管理问题漏洞
SmartSoft SmartBPM.NET is an enterprise process management platform from China-based SmartSoft. A vulnerability in SmartSoft SmartBPM.NET exists due to a trust management issue that arises from the use of hard-coded machine keys...
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
Cross site request forgery (csrf)
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
CVE-2022-1912
The CVE-2022-1912 entry concerns the WordPress plugin Button Widget Smartsoft, affecting versions up to and including 1.0.1. The underlying issue is missing nonce validation on the smartsoftbutton_settings page, enabling CSRF. This allows unauthenticated attackers to update the plugin’s settings ...
CVE-2022-1912 Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
CVE-2022-1912 Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
WordPress plugin Button Widget Smartsoft 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...