38 matches found
EUVD-2011-5227
Malware in sbrugna...
EUVD-2012-5134
Malware in sbrugna...
EUVD-2022-24890
Malicious code in bioql PyPI...
CVE-2022-1601
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...
CVE-2012-3274
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data...
CVE-2011-5328
The user-access-manager plugin before 1.2 for WordPress has CSRF...
Code injection
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...
CVE-2022-1601 User Access Manager < 2.2.18 - IP Spoofing
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...
CVE-2022-1601
CVE-2022-1601 affects the WordPress plugin User Access Manager and is triggered by configuring a version prior to 2.2.18. The root cause is the plugin prioritizing a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which can allow attackers to access restricted content in certain situ...
PT-2023-12634 · WordPress · User Access Manager
Name of the Vulnerable Software and Affected Versions: User Access Manager WordPress plugin versions prior to 2.2.18. Description: The issue allows attackers to access restricted content in certain situations by prioritizing a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR...
WordPress plugin User Access Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
User Access Manager < 2.2.18 - IP Spoofing
Description: The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations. PoC: Set HTTP_X_REAL_IP which is used in checkUserGroupAccess to use an IP from the allowlist...
User Access Manager < 2.2.18 - IP Spoofing
Description: The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations. Set HTTP_X_REAL_IP which is used in checkUserGroupAccess to use an IP from the allowlist...
WordPress user-access-manager plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. user-access-manager is a user site management plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...
Cross-site request forgery (CSRF)
The user-access-manager plugin before 1.2 for WordPress has CSRF...
CVE-2011-5328
CVE-2011-5328: WordPress User Access Manager plugin before 1.2 suffers CSRF. Affected component: user-access-manager plugin (WordPress). Root cause: requests can be forged cross-site. Impact stated as CSRF; exploitation status not provided in the documents. Remediation: upgrade to version 1.2 or ...
User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)
Not patched in 2.0.0 despite what the advisory states. PoC http://www.example.com/wp-admin/admin.php?page=uamusergroupaction=editusergroup=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22...