Lucene search
+L

222 matches found

RedhatCVE
RedhatCVE
added 2023/03/09 2:10 p.m.41 views

CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

5.5CVSS5.2AI score0.00865EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.4 views

SUSE CVE-2011-2753

Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the empty trash implementation and 2 the Index Order aka optionsorder page, a different issue than...

6.8CVSS7AI score0.01081EPSS
Exploits0References3
CNVD
CNVD
added 2022/12/20 12:0 a.m.67 views

Apache Zeppelin input validation error vulnerability

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...

6.5CVSS2.9AI score0.01539EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.5 views

Apache Zeppelin 输入验证错误漏洞

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...

6.5CVSS6.5AI score0.01539EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/16 12:0 a.m.5 views

PT-2022-9904 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions Description: The issue is related to improper Input Validation in the "Move folder to Trash" feature of Apache Zeppelin, allowing an attacker to delete arbitrary files. Recommendations: For...

6.5CVSS6.3AI score0.01539EPSS
Exploits0References7
Huntr
Huntr
added 2022/07/03 4:13 a.m.17 views

Documents in trash accessible by Viewer role

Description Once a document is archived or deletec, there is no way to access it through the UI or the Document link. But, the API gives the file information and content. This is same with archived files. Proof of Concept 1. Give a user Viewer role. 2. Visit https://your.getoutline.com/trash or...

0.3AI score
Exploits0
NVD
NVD
added 2022/06/13 1:15 p.m.21 views

CVE-2021-25116

The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put...

6.5CVSS0.00408EPSS
Exploits2References1
OSV
OSV
added 2022/06/13 1:15 p.m.4 views

CVE-2021-25116

The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put...

6.5CVSS5.9AI score0.00408EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.5 views

PT-2022-9671 · WordPress · Enqueue Anything

Name of the Vulnerable Software and Affected Versions: Enqueue Anything WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue is related to the lack of authorization and CSRF checks in the remove asset AJAX action. This allows low-privilege users, such as subscribers, to delete...

6.5CVSS6.3AI score0.00408EPSS
Exploits2References4
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.128 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries&action=trash&entry=2 Since entry permanent deletion:...

8.1CVSS1.1AI score0.00453EPSS
Exploits1References1
Wired Threat Level
Wired Threat Level
added 2022/02/22 6:0 p.m.14 views

An Optical Spy Trick Can Turn Any Shiny Object Into a Bug

Anything from a metallic Rubik’s cube to an aluminum trash can inside a room could give away your private conversations...

3AI score
Exploits0
Prion
Prion
added 2021/11/08 3:15 p.m.23 views

Session fixation

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

7.5CVSS9.2AI score0.01103EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/03/29 8:52 a.m.29 views

WordPress: Allow authenticated users can edit, trash,and add new in BuddyPress Emails function

Description: Allow author can edit, trash,and add new your posts in BuddyPress Emails function And editor can edit,trash, add new any posts in BuddyPress Emails default. Steps To Reproduce: Step 1 : Create two accounts: Admin and Author Step 2: Login with admin account. In admin account, give...

0.3AI score
Exploits0
OSV
OSV
added 2020/03/12 2:15 p.m.3 views

CVE-2020-10456

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...

4.8CVSS5.9AI score0.00733EPSS
Exploits2References2
Cvelist
Cvelist
added 2020/03/12 1:5 p.m.59 views

CVE-2020-10456

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...

5AI score0.00733EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.4 views

PT-2020-12126 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...

4.8CVSS5.2AI score0.00733EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.6 views

The vulnerability of Blink’s web page display mechanism in the Google Chrome web browser allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.

The vulnerability of Blink’s web page rendering mechanism in the Google Chrome browser is related to the reutilization of dynamic memory after it is freed by a “trash collector”. Exploiting this vulnerability can allow an attacker to compromise data integrity, gain unauthorized access to protecte...

9.3CVSS5.5AI score0.01952EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2019/03/21 4:0 p.m.17 views

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...

8.8CVSS8.3AI score0.02377EPSS
Exploits5References3
OSV
OSV
added 2019/03/21 4:0 p.m.4 views

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...

8.8CVSS5.7AI score0.02377EPSS
Exploits5References3
Cvelist
Cvelist
added 2019/03/17 9:19 p.m.21 views

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...

8.4AI score0.02377EPSS
Exploits5References3
Rows per page
Query Builder