Atlassian Sourcetree for Mac Security Vulnerability
Atlassian Sourcetree for Mac is a GUI tool for version control systems from Atlassian Australia. A security vulnerability exists in Atlassian Sourcetree for Mac version 4.2.8, which originates from a local attacker who can execute arbitrary code under the context of the user running the program...
CVE-2023-3109
Cross-site Scripting XSS - Stored in GitHub repository admidio/admidio prior to 4.2.8...
WordPress plugin Splitit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Atlassian Sourcetree Security Vulnerability
Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A security vulnerability exists in Atlassian Sourcetree Mac version 4.2.8 and Windows version 3.4.19, which stems from vulnerability to remote code execution...
PT-2024-39077 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7 Description: The issue allows unauthenticated attackers to perform SQL Injection via the c fields parameter of the "/wp-json/lp/v1/courses/archive-course" REST API endpoin...
WordPress Ultimate Auction Plugin <= 4.2.67 is vulnerable to Broken Access Control
Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.67 Fixed in 4.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6591 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 97fe9efdff7a Credits Lucio Sá Required...
Random Banner <= 4.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Random Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress Random Banner Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)
Software Random Banner Type Plugin Vulnerable versions = 4.2.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35645 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 790148240990 Credits Rayhan Ramdhany Hanaputra Required privile...
WordPress Contact Form by BestWebSoft Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form by BestWebSoft Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2198 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b02a52616ddf Credits...
SPIP < 4.1.14, 4.2.x < 4.2.8 XSS Vulnerability
SPIP is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip";...
CVE-2023-3109 Cross-site Scripting (XSS) - Stored in admidio/admidio
Cross-site Scripting XSS - Stored in GitHub repository admidio/admidio prior to 4.2.8...
WordPress Plugin ChatBot Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Vulnerability fixed in Joomla!
Joomla has fixed a vulnerability. An unauthenticated remote malicious person could exploit the vulnerability to gain access to vulnerable servers without prior authentication to gain access to vulnerable web endpoints. The consequential damage depends on the endpoint and could potentially lead to...
SUSE CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...
PT-2023-13550 · Unknown · Jetnexus/Edgenexus Adc
Name of the Vulnerable Software and Affected Versions: JetNexus/EdgeNexus ADC version 4.2.8 Description: The management portal component of the software contains a command injection issue, allowing authenticated attackers to execute arbitrary commands through a specially crafted payload. This iss...
EdgeNexus ADC Operating System Command Injection Vulnerability
EdgeNexus ADC is a powerful and easy-to-use load balancer from EdgeNexus. An operating system command injection vulnerability exists in EdgeNexus ADC version 4.2.8, which stems from the presence of a command injection vulnerability that allows an authenticated attacker to execute arbitrary comman...
CVE-2021-43852
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
Code injection
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-45885
An issue was discovered in Stormshield Network Security SNS 4.2.2 through 4.2.7 fixed in 4.2.8. Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...