
103 matches found

Prion
added 2022/05/19 6:15 p.m., 12 views

Code injection

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained...

CVSS 2.1, AI score 6.5, EPSS 0.00016
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/05/19 5:23 p.m., 13 views

CVE-2020-16235 Emerson OpenEnterprise - Inadequate Encryption Strength

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained...

CVSS 3.8, AI score 6.6, EPSS 0.00016
Exploits 0, References 1
Patchstack
added 2022/02/28 12:0 a.m., 11 views

WordPress Footer Plugin for Divi plugin <= 3.3.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Footer Plugin for Divi plugin versions <= 3.3.5. Solution: No patched version available...

AI score 4.4
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2022/02/10 10:33 p.m., 22 views

Possible SQL injection in tablelookupwizard Contao Extension

Impact: The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches: The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information: If you have any questions or comments...

AI score 5.8
Exploits 0, References 4, Affected Software 1
Friends Of PHP
added 2022/02/04 8:13 a.m., 16 views

Possible SQL injection in widget field value

Description. Impact: The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches: The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information: If you have any questions ...

AI score 0.6
Exploits 0, Affected Software 1
Friends Of PHP
added 2022/02/04 8:13 a.m., 9 views

Possible SQL injection in widget field value

Impact: The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches: The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information: If you have any questions or comments...

AI score 5.8
Exploits 0, Affected Software 1
CNVD
added 2021/10/14 12:0 a.m., 12 views

FlameCMS SQL Injection Vulnerability

FlameCMS is an open source PHP-based content management system (CMS). A SQL injection vulnerability exists in FlameCMS version 3.3.5. An attacker can exploit this vulnerability to cause SQL injection with the help of the id parameter in masterarticle.php...

CVSS 9.8, AI score 9.7, EPSS 0.00245
Exploits 1, References 1
WPVulnDB
added 2021/10/07 12:0 a.m., 13 views

Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting

The plugin allows Authenticated Agent+ users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed. PoC POST /supportboard/include/ajax.php HTTP/1.1 Cookie: Agent+...

CVSS 5.4, AI score 1.8, EPSS 0.0704
Exploits 2, References 2, Affected Software 1
Patchstack
added 2021/10/07 12:0 a.m., 11 views

WordPress Support Board plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by John Jefferson Li in WordPress Support Board plugin versions <= 3.3.4. Solution: Update the WordPress Support Board plugin to the latest available version (at least 3.3.5)...

CVSS 5.4, AI score 1.4, EPSS 0.0704
Exploits 2, References 3, Affected Software 1
Tenable Nessus
added 2020/07/16 12:0 a.m., 119 views

Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE (direct check)

The version of Atlassian Crowd installed on the remote host is affected by a remote code execution (RCE) vulnerability. An unauthenticated, remote attacker can exploit this, by using pdkinstall development plugin, to install arbitrary plugins, which permits remote code execution. TRUSTED...

CVSS 9.8, AI score 9.5, EPSS 0.94383
Exploits 6, References 3
CNVD
added 2019/09/17 12:0 a.m., 1 views

FlameCMS login.php file SQL injection vulnerability

FlameCMS is an open source PHP-based content management system (CMS). A SQL injection vulnerability exists in the account/login.php file in FlameCMS version 3.3.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can...

CVSS 9.8, AI score 8.2, EPSS 0.45915
Exploits 3, References 1
OSV
added 2019/09/14 4:15 p.m., 0 views

CVE-2019-16309

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName...

CVSS 9.8, AI score 5.8
Exploits 0, References 1
OpenVAS
added 2018/05/08 12:0 a.m., 183 views

Moodle 3.x Authentication Bypass Vulnerability (Mar 2018) - Linux

Suspended users with OAuth 2 authentication method can still log in to the site. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.1, AI score 8.2, EPSS 0.01529
Exploits 0, References 2
Debian CVE
added 2017/10/18 2:0 a.m., 17 views

CVE-2017-15570

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...

CVSS 6.1, AI score 6.3, EPSS 0.00517
Exploits 0
securityvulns
added 2015/07/27 12:0 a.m., 45 views

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5

Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication; Affected Software: GetSimpleCMS (http://get-simple.info/); Affected Version: 3.3.5 (probably also prior versions); Patched Version: 3.3.6 (partial fix); Risk: Medium-High; Vendor Contacted: 2015-06-14; Vendor Partial Fix: 2015-07-14...

AI score 0.4
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 6 views

Campsite 3.x 'article_id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39862/info Campsite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score 7.1
Exploits 0
exploitpack
added 2014/04/15 12:0 a.m., 8 views

lxml - clean_html Security Bypass

lxml - clean_html Security Bypass source: https://www.securityfocus.com/bid/67159/info lxml is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to lxml 3.3...

AI score 7.4
Exploits 0
RedHat Linux
added 2012/09/25 6:52 p.m., 0 views

kernel: drm/i915: integer overflow in i915_gem_do_execbuffer()

Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified othe...

CVSS 4.9, AI score 6.4, EPSS 0.00064
Exploits 0, References 4
OpenVAS
added 2010/06/21 12:0 a.m., 18 views

Campsite 'article_id' Parameter SQL Injection Vulnerability

This host is running Campsite and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: secpodcampsitesqlinjvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Campsite 'article_id' Parameter SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010 SecPod,...

CVSS 7.5, AI score 0.4, EPSS 0.00791
Exploits 1, References 3
Exploit DB
added 2009/12/15 12:0 a.m., 25 views

Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/37351/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7.4
Exploits 0