Lucene search

20 matches found

Patchstack
added 2026/04/15 1:19 p.m. | 2 views

WordPress Accessibly plugin <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API vulnerability discovered by WordFence in WordPress Plugin Accessibly WordPress Website Accessibility versions <= 3.0.3...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00179
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/03/05 3:16 p.m. | 1 views

SUSE-SU-2026:0825-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 3
EUVD
added 2025/10/17 5:11 p.m. | 2 views

EUVD-2025-34919

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.02537
Exploits: 2 | References: 2
CNNVD
added 2024/07/15 12:0 a.m. | 1 views

Apache Linkis Code Issue Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Versions of Apache Linkis before 1.6.0 have a code issue vulnerability; the vulnerability stems from the data...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.03947
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:4 a.m. | 1 views

SUSE CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 4.9 | AI score: 9.6 | EPSS: 0.00037
Exploits: 0 | References: 12
SUSE CVE
added 2023/02/15 3:59 a.m. | 1 views

SUSE CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS: 4.9 | AI score: 9.2 | EPSS: 0.01104
Exploits: 0 | References: 8
Huntr
added 2021/09/30 7:57 a.m. | 17 views

Static Code Injection in collectiveaccess/pawtucket2

Description This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...

AI score: 0.2
Exploits: 0 | References: 1
RedHat Linux
added 2021/03/03 4:19 a.m. | 5 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 6.3 | AI score: 7.2 | EPSS: 0.00037
Exploits: 0 | References: 4
RedHat Linux
added 2021/02/17 7:6 p.m. | 2 views

ant: insecure temporary file

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01104
Exploits: 0 | References: 5
OSV
added 2020/10/01 8:15 p.m. | 1 views

DEBIAN-CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01104
Exploits: 0 | References: 1
OSV
added 2020/09/14 6:13 p.m. | 0 views

GHSA-4P6W-M9WC-C9C9 Sensitive Data Exposure in Apache Ant

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00037
Exploits: 0 | References: 53
RedHat Linux
added 2020/06/19 1:39 a.m. | 3 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 6.3 | AI score: 7.2 | EPSS: 0.00037
Exploits: 0 | References: 4
OSV
added 2020/05/14 4:15 p.m. | 1 views

DEBIAN-CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 6.3 | AI score: 7 | EPSS: 0.00037
Exploits: 0 | References: 1
Packet Storm
added 2004/12/31 12:0 a.m. | 31 views

STG Security Advisory 2004-12-20.16

STG Security Advisory: SSA-20041220-16 PHP source injection and cross-site scripting vulnerabilities in ZeroBoard Revision 1.2 Date Published: 2004-12-20 KST Last Update: 2004-12-24 Disclosed by SSR Team [email protected] Summary =======...

AI score: 0.3
Exploits: 0
securityvulns
added 2004/12/25 12:0 a.m. | 32 views

STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard

STG Security Advisory: SSA-20041220-16 PHP source injection and cross-site scripting vulnerabilities in ZeroBoard Revision 1.2 Date Published: 2004-12-20 KST Last Update: 2004-12-24 Disclosed by SSR Team [email protected] Summary ======= ZeroBoard is one of widely used web BBS applications...

AI score: 7.7
Exploits: 0
securityvulns
added 2003/05/08 12:0 a.m. | 24 views

bug in Club 1.0 - 1.3

Hi, security team www.rst.bb1.ru --= Advisory 6 =-- Product: Club 1.0 - 1.3 http://www.lyanguzov.inc.ru/ Vuln: PHP source injection The php-script Club version 1.0 - 1.3 maybe version 1.2 vuln too, i can't find this version is vuln for PHP source injection. Bug found in file club.php: scip if $p ...

AI score: 0.2
Exploits: 0
securityvulns
added 2003/01/08 12:0 a.m. | 70 views

Bookmark4U and Active PHP Bookmarks Vulnerabilities

Program: Bookmark4U V.1.8.3 website: http://bookmark4u.sourceforge.net/ Vendor status: Informed 30 days ago Problem: Source injection Files affected: inc/dbase.php inc/config.php inc/common.load.php ? Proof of concept: dbase.php?prefix=http://... Solution: The security of the inc/ directory is...

AI score: 7.6
Exploits: 0
securityvulns
added 2002/06/18 12:0 a.m. | 33 views

PHP source injection in osCommerce

PHP source injection in osCommerce ---------------------------------- Product Description osCommerce is an open source e-commerce solution under on going development by the open source community. Its feature packed out-of-the- box installation allows store owners to setup, run, and maintain their...

AI score: 7.8
Exploits: 0
securityvulns
added 2002/06/18 12:0 a.m. | 52 views

PHP source injection in PHPAddress

PHP source injection in PHPAddress Description PHP-Address is a collection of PHP3-Scripts works on PHP4 too for maintaining a small web-based address-database. It can be found at http://phpaddress.huebsch-gemacht.de/ Workaround Change the global.php3 file so it looks like this: ?php c Copyright in...

Exploits: 0
securityvulns
added 2002/06/17 12:0 a.m. | 68 views

malicious PHP source injection

JCC Security Advisory June 15, 2002 malicious PHP source injection Description Zeroboard is one of popular PHP web boards in Korea. When allow_url_fopen = On and register_globals = On in php.ini, Zeroboard has vulnerability because head.php contains dangerous codes. So an attacker can include any...

AI score: 0.2
Exploits: 0