WordPress Icegram Engage plugin < 3.1.32 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions 3.1.32...

Linux Distros Unpatched Vulnerability : CVE-2017-1000480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

WordPress plugin Icegram Engage 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-12302 Icegram Engage < 3.1.32 - Author+ Stored XSS

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks...

GitPython 路径遍历漏洞

GitPython is a Python library open-sourced by gitpython-developers for interacting with Git repositories. A path traversal vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that in order to resolve some git references, GitPython reads the file .git from a...

GitPython 代码问题漏洞

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A code issue vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that an attacker can trick a user into downloading a repository with a malicious git...

GitPython Security Vulnerabilities

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A security vulnerability exists in GitPython versions prior to 3.1.32 that stems from not blocking the unsafe non-multi option in clone and clonefrom...

PT-2023-4724

Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.32 Description The issue is related to errors in processing input data in the GitPython library, which can allow a remote attacker to execute arbitrary code by injecting a specially crafted URL into the clone...

Security Updates for Microsoft ASP.NET Core (December 2022)

A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Note that Nessus has not tested for this issue but has instead relied only on the...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE such that a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Remediation Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x64 to version 3.1.32,...

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...