
128 matches found

Positive Technologies
added 2023/09/01 12:0 a.m. · 1 views

PT-2023-26239 · WordPress · Artem Abramovich Art Decoration Shortcode

Name of the Vulnerable Software and Affected Versions: Artem Abramovich Art Decoration Shortcode plugin versions 1.5.6 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher authentication levels. There is no...

CVSS 6.5 · AI score 5.7 · EPSS 0.00105
Exploits 0 · References 4

CNNVD
added 2023/08/10 12:0 a.m. · 0 views

WordPress plugin Gestion-Pymes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9 · AI score 6 · EPSS 0.00079
Exploits 0 · References 3

CNNVD
added 2023/04/15 12:0 a.m. · 1 views

WordPress Plugin Google Analytics Top Content Widget cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1 · AI score 4.9 · EPSS 0.00409
Exploits 0 · References 4

Patchstack
added 2023/01/24 12:0 a.m. · 7 views

WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control

Software: Ultimate Addons for Beaver Builder – Lite · Type: Plugin · Vulnerable versions: <= 1.5.5 · Fixed in: 1.5.6 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-23882 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 952c840a7b12 · Credits...

CVSS 4.3 · AI score 6.9 · EPSS 0.00054
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/01/16 12:0 a.m. · 1 views

WordPress plugin Meteor Slides cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.4 · AI score 5 · EPSS 0.00252
Exploits 2 · References 2

OSV
added 2022/05/13 1:5 a.m. · 0 views

GHSA-4P4W-6H54-G885 Improper Input Validation in Apache Santuario XML Security

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures...

CVSS 4.3 · AI score 7.2 · EPSS 0.08392
Exploits 0 · References 20

Patchstack
added 2021/06/29 12:0 a.m. · 17 views

WordPress Survey Maker plugin <= 1.5.5 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Survey Maker plugin (versions <= 1.5.5). Solution: Update the WordPress Survey Maker plugin to the latest available version (at least 1.5.6)...

CVSS 8.8 · AI score 3 · EPSS 0.00532
Exploits 2 · References 3 · Affected Software 1

wpexploit
added 2021/06/29 12:0 a.m. · 721 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...

CVSS 6.5 · AI score 0.5 · EPSS 0.00532
Exploits 2

OpenVAS
added 2021/06/14 12:0 a.m. · 19 views

nginx 0.8.41 <= 1.5.6 Improper Encoding or Escaping of Output Vulnerability

nginx is prone to an improper encoding or escaping of output vulnerability due to bypass intended restrictions via an unescaped space character in a URI. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS 7.5 · AI score 6.6 · EPSS 0.90921
Exploits 15 · References 1

RedhatCVE
added 2021/04/23 7:13 p.m. · 15 views

CVE-2020-35177

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1...

CVSS 5.3 · AI score 5 · EPSS 0.00393
Exploits 0 · References 4

Positive Technologies
added 2020/12/17 12:0 a.m. · 1 views

PT-2020-17327 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions prior to 1.5.6; HashiCorp Vault Enterprise versions prior to 1.6.1. Description: The issue concerns HashiCorp Vault Enterprise's Sentinel EGP policy feature, which incorrectly allowed requests to be processed...

CVSS 5.3 · AI score 5.1 · EPSS 0.00328
Exploits 0 · References 7

wpexploit
added 2020/07/24 12:0 a.m. · 20 views

JobSearch < 1.5.6 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.5 for WordPress. https://example.com/?%22%3E%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E=%3E...

AI score 1.2
Exploits 0 · References 2

CNVD
added 2020/01/02 12:0 a.m. · 4 views

WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...

CVSS 6.1 · AI score 6.2 · EPSS 0.02649
Exploits 2 · References 1

Tenable Nessus
added 2019/02/19 12:0 a.m. · 39 views

Fedora 28 : mosquitto (2019-8cbe2a05cd)

Fixes for the following CVES : - CVE-2018-12546 - CVE-2018-12550 - CVE-2018-12551 The list of other fixes addressed in version 1.5.6 is: Broker : - Fixed comment handling for config options that have optional arguments. - Improved documentation around bridge topic remapping. - Handle mismatched...

CVSS 8.1 · AI score 6.9 · EPSS 0.00597
Exploits 2 · References 4

OpenVAS
added 2018/04/26 12:0 a.m. · 18 views

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 · AI score 9.6 · EPSS 0.04677
Exploits 2 · References 5

Tenable Nessus
added 2018/04/18 12:0 a.m. · 28 views

Debian DLA-1352-1 : jruby security update

An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file. For Debian 7 'Wheezy', these problems have been fixed in version 1.5.6-5+deb7u2. ...

CVSS 7.8 · AI score 8.4 · EPSS 0.00535
Exploits 0 · References 3

OSV
added 2018/03/05 2:29 p.m. · 0 views

ALPINE-CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources)...

CVSS 7.5 · AI score 6.9 · EPSS 0.83995
Exploits 3 · References 1

OSV
added 2018/03/05 2:29 p.m. · 1 views

DEBIAN-CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources)...

CVSS 7.5 · AI score 6.8 · EPSS 0.83995
Exploits 3 · References 1

OSV
added 2018/03/05 12:0 a.m. · 1 views

UBUNTU-CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources)...

CVSS 7.5 · AI score 7 · EPSS 0.83995
Exploits 3 · References 5

0day.today
added 2015/07/11 12:0 a.m. · 12 views

Arfaly.js Uploader CSRF Delete File Vulnerability

Exploit for php platform in category web applications ... Usege : php...

AI score 7.1
Exploits 0