CVE-2024-31448

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting XSS attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...

CVE-2024-31448

CVE-2024-31448 is a Cross-site Scripting (XSS) vulnerability in Combodo iTop triggered by malicious CSV content during import. Affected software is Combodo iTop (web-based IT Service Management). The issue is fixed in versions 3.1.2 and 3.2.0; users should upgrade to one of these versions or late...

CVE-2024-31448 Cross-site Scripting vulnerability in link CSV import in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting XSS attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...

Cosmos: Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse

A heap-buffer-overread vulnerability was discovered in the containswhitespace function when calling parservalidate after supplying a maliciously crafted buffer to parserparse. The vulnerability was not exploitable in the primary use case of the library, but a length check was added to prevent thi...

SUSE CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipcmsgvalidate As the call trace shows, the original skb was freed in tipcmsgvalidate, and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...

DEBIAN-CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipcmsgvalidate As the call trace shows, the original skb was freed in tipcmsgvalidate, and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...

DEBIAN-CVE-2024-49996

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function...

DEBIAN-CVE-2024-49923

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Pass non-null to dcn20validateapplypipesplitflags WHAT & HOW "dcn20validateapplypipesplitflags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This...

CVE-2024-49623

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through = 1.0...

CVE-2024-49623

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0...

CVE-2024-49623 WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through = 1.0...

CVE-2024-49623

CVE-2024-49623 affects the WordPress plugin Duplicate Title Validate (versions n/a through 1.0). Described as an SQL Injection vulnerability due to improper neutralization of input, enabling Blind SQL Injection. Public details show the affected plugin and CVE in multiple feeds (WordPress/NVD, Pat...

CVE-2024-49623 WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through = 1.0...

WordPress plugin Duplicate Title Validate SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2024-33578 · WordPress · Duplicate Title Validate

Name of the Vulnerable Software and Affected Versions: Duplicate Title Validate versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, specifically an improper neutralization of special elements used in an SQL command. This allows for Blind SQL Injection,...

WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Duplicate Title Validate versions = 1.0...

WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection

Software Duplicate Title Validate Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49623 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62fe8295ce3c Credits Muhamad Agil Fachrian Required privilege...

CVE-2024-46802

...

CVE-2024-9687

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validatetg' action. This makes it possible for authenticated attackers, with subscriber-level...

PT-2024-39763 · WordPress · Wp 2Fa With Telegram

Name of the Vulnerable Software and Affected Versions: WP 2FA with Telegram plugin for WordPress versions up to, and including, 3.0 Description: The issue is due to insufficient validation of the user-controlled key on the 'validate tg' action. This makes it possible for authenticated attackers,...