14 matches found

CVE
added 2025/02/12 11:11 a.m. · 51 views

CVE-2024-13532

CVE-2024-13532 affects the Small Package Quotes – Purolator Edition WordPress plugin (versions

7.5 CVSS · 7.6 AI score · 0.0022 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
RedhatCVE
added 2025/02/05 10:8 a.m. · 10 views

CVE-2024-3217

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

8.8 CVSS · 7.1 AI score · 0.5293 EPSS
Exploits: 1 · References: 1
CVE
added 2024/12/14 6:45 a.m. · 48 views

CVE-2024-11710

CVE-2024-11710 affects WordPress plugin WP Job Portal – A Complete Recruitment System for Company or Job Board website, vulnerable to SQL Injection via fieldfor, visibleParent and id parameters in all versions up to 2.2.2 due to insufficient escaping and poor query preparation. The vulnerability ...

4.9 CVSS · 5.3 AI score · 0.00522 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2023/10/20 12:0 a.m. · 2 views

WordPress Plugin Super Testimonials Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.4 CVSS · 6 AI score · 0.00092 EPSS
Exploits: 0 · References: 4
Check Point Advisories
added 2022/11/17 12:0 a.m. · 5 views

Zoho ManageEngine ApplicationManager Command Injection (CVE-2018-7890)

A command injection vulnerability exists in Zoho ManageEngine ApplicationManager. The vulnerability is due to improper validation of the user supplied parameters. A remote attacker can exploit this vulnerability by sending crafted parameters to the target system...

10 CVSS · 4.9 AI score · 0.86279 EPSS
Exploits: 8
Cvelist
added 2022/04/21 4:45 p.m. · 15 views

CVE-2021-41162 Cross-site Scripting in Combodo iTop

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...

9.3 CVSS · 9.1 AI score · 0.00311 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2022/04/21 12:0 a.m. · 9 views

PT-2022-11368 · Comodo +1 · Combodo Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 3.0.0-beta6 Description: The issue affects Combodo iTop, a web-based IT Service Management tool. In the affected versions, the export CSV page does not properly escape user-supplied parameters, allowing for...

9.8 CVSS · 7.1 AI score · 0.20737 EPSS
Exploits: 12 · References: 65
Metasploit
added 2018/07/04 4:47 p.m. · 25 views

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...

10 CVSS · 8.7 AI score · 0.82231 EPSS
Exploits: 5
Exploit DB
added 2004/03/22 12:0 a.m. · 20 views

PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/9947/info It has been reported that MS-Analysis is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. These issues could permit a remote attacke...

7.4 AI score
Exploits: 0
Exploit DB
added 2004/03/01 12:0 a.m. · 17 views

IGeneric Free Shopping Cart 1.4 - SQL Injection

source: https://www.securityfocus.com/bid/9771/info It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters. As a result of this issue a malicious user may...

7.4 AI score
Exploits: 0
Exploit DB
added 2003/12/11 12:0 a.m. · 28 views

RemotelyAnywhere - Default.HTML Logout Message Injection

source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters...

7.4 AI score
Exploits: 0
exploitpack
added 2003/12/11 12:0 a.m. · 15 views

RemotelyAnywhere - Default.HTML Logout Message Injection

RemotelyAnywhere - Default.HTML Logout Message Injection source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by...

0.1 AI score
Exploits: 0
Exploit DB
added 2003/10/01 12:0 a.m. · 22 views

DCP-Portal 5.5 - 'advertiser.php?Password' SQL Injection

source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI parameters. Attacks have been demonstrated that inject...

7.4 AI score
Exploits: 0
exploitpack
added 2003/05/01 12:0 a.m. · 14 views

Stockman Shopping Cart 7.8 - Arbitrary Command Execution

Stockman Shopping Cart 7.8 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/7485/info Stockman Shopping Cart has been reported prone to a remote command execution vulnerability. This issue presents itself in the 'shop.plx' script. The problem results from a lack of sufficie...

0.3 AI score
Exploits: 0