2121 matches found
CVE-2021-45008
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
Privilege escalation
DISPUTED: Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated); Date: 18.02.2022; Exploit Author: Ron Jost Hacker5preme; Vendor Homepage: https://www.getperfectsurvey.com/; Software Link:...
CVE-2022-23358
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement...
CVE-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
All the scxMinted is at risk of being burnt. (Limbo.sol)
Handle: Hawkeye. Vulnerability details. Impact: If one of the variables that calculate adjustedRectangle is a zero value, it will impair the calculation of excessSCX which would equal to all of the scxMinted on line 219. Nothing will be deducted from scxMinted on line 229 since adjustedRectangle = 0...
CVE-2021-24919 Wicked Folders < 2.18.10 - Subscriber+ SQL Injection
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user, leading to an SQL injection...
Design/Logic Flaw
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
CVE-2021-46662
Disclaimer: This data contains information about vulnerable...
CVE-2021-46662
CVE-2021-46662 : MariaDB prior to 10.5.9 allows a set_var.cc application crash triggered by certain UPDATE statements in combination with a nested subquery. This vulnerability is corroborated by multiple connected advisories noting the same affected condition (CVE-2021-46662) and associated crash...
Conversios.io < 4.6.2 - Subscriber+ SQL Injection
The plugin does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. Note: The vendor was notified multiple times since November 6t...
WordPress RegistrationMagic V 5.0.1.5 SQL Injection
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated); Date: 23.01.2022; Exploit Author: Ron Jost Hacker5preme; Vendor Homepage: https://registrationmagic.com/; Software Link:...