60 matches found
Cross site request forgery (csrf)
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack...
Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF
The plugin does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...
WordPress Unauthorized Operation Vulnerability (CNVD-2020-29838)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ultimate Addons for Elementor is an extension plugin that uses one of the Elementor page builder plugins. A security vulnerability exis...
Cross-site Scripting (XSS)
mailman is vulnerable to cross-site scripting XSS. The vulnerability exists as multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of...
Mail.ru: Information Disclosure [ https://curious.ru/api/submissions ]
API endpoint at curious.ru disclosed e-mails of subscribed users...
Unauthorized Access Vulnerability in AliCloud IoT Platform
AliCloud IoT Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. An unauthorized access vulnerability exists in the AliCloud IoT platform, which can be...
WordPress WP Maintenance Mode Plugin Information Disclosure Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP Maintenance Mode Plugin is used in one of the site maintenance page settings plugin. An information disclosu...
Juniper Junos OS Denial of Service Vulnerability (CNVD-2018-21801)
Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A denial of service vulnerability exists in Juniper Junos OS, which arises from the program's failure to restrict the IP...
fastech-racing.com XSS vulnerability
Open Bug Bounty ID: OBB-564474 Description| Value ---|--- Affected Website:| fastech-racing.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2017-1555
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
CVE-2016-2104
Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...
PT-2017-7998 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...
Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage
Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed email addresses and correspondent IP addresses to plain text file el.txt Proof-of-concept: http://www.example.com/el.txt...
Cross site scripting
Cross-site scripting XSS vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823...
Fedora Update for liferea FEDORA-2007-1146
Check for the Version of liferea OpenVAS Vulnerability Test Fedora Update for liferea FEDORA-2007-1146 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for liferea FEDORA-2008-3249
Check for the Version of liferea OpenVAS Vulnerability Test Fedora Update for liferea FEDORA-2008-3249 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Opera < 9.61 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 9.61 and thus reportedly affected by several issues : - It may be possible to reveal a user's browsing history by exploiting certain constructs in Opera's History Search results 903. - Opera's Fast Forward feature is affected by a...
[SECURITY] Fedora 8 Update: liferea-1.4.15-4.fc8
Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...
[SECURITY] Fedora 8 Update: liferea-1.4.11-2.fc8
Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...
[SECURITY] Fedora 8 Update: liferea-1.2.23-5.fc8
Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...