31 matches found
WordPress Plugin User Submitted Posts Code Issue Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...
PT-2023-35334 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.272 Description: The issue concerns the validation of the addr parameter in the mdiobus_get_phy function. This is an automated identification of a potential security issue, but the actual impact and attack...
CVE-2022-3907
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...
CVE-2022-29328
D-Link DAP-1330OSS-firmware1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade...
Denial of service
An issue was discovered in the sendsecuremsg function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy call that will crash the running process. This could be used by an attacker ...
CVE-2019-19032
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...
Privilege escalation
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac Consumer 7.0 2017 and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offse...
CVE-2018-18327
CVE-2018-18327 affects Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and later. The vulnerability is a KERedirect untrusted pointer dereference in the KERedirect kernel extension (kext) that allows a local attacker to escalate privileges by dereferencing a user-supplied value without proper...
CVE-2018-18329
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac Consumer 7.0 2017 and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offse...
OpenCV Denial of Service Vulnerability (CNVD-2018-04995)
OpenCV is an open source, cross-platform, lightweight computer vision library. A security vulnerability exists in the 'validateInputImageSize' function in the modules/imgcodecs/src/loadsave.cpp file in OpenCV version 3.4.1. A remote attacker can exploit this vulnerability to cause a denial of...
CVE-2005-2559
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the epingcount parameter or (2) restricted shell metacharacters such as "" and "&" in the epinghost parameter, which is not handled by the...