18 matches found
EUVD-2024-28427
Malicious code in bioql PyPI...
WordPress Molongui Plugin <= 4.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Software: Molongui; Type: Plugin; Vulnerable versions: = 4.7.7; Fixed in: 4.7.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-30507; Patch priority: Low; CVSS severity: Low (2.7); PSID: c7f745bc9de4; Credits: CatFather; Required...
HandlebarsJS < 4.7.7 Multiple Vulnerabilities
According to its self-reported version number, HandlebarsJS on the remote server is prior to version 4.7.7. Therefore, it may be affected by multiple vulnerabilities. - A Prototype Pollution Vulnerability when selecting certain compiling options to compile templates originating from untrusted...
CVE-2023-3163
A vulnerability was found in yproject RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability...
CVE-2023-3163
A vulnerability was found in yproject RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability...
phpMyAdmin 4.7.7 < 4.9.2 SQL Injection
The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to exposure to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Prototype Pollution in handlebars
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source...
GHSA-765H-QJXV-5F44 Prototype Pollution in handlebars
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source...
Remote code execution when compiling templates
Overview: handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. Recommendation: Upgrade to version 4.7.7 or later. References: - CVE - GitHub Advisory...
GHSA-F2JV-R9RF-7988 Remote code execution in handlebars when compiling templates
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source...
Handlebars Remote Code Execution Vulnerability
Handlebars is a semantic Web template system. A remote code execution vulnerability exists in Handlebars versions prior to 4.7.7, which stems from Handlebars being susceptible to Remote Code Execution (RCE) attacks when certain compilation options are selected to compile templates from untrusted...
handlebars security vulnerability
Handlebars is a semantic Web template system. A remote code execution vulnerability exists in Handlebars versions prior to 4.7.7, which stems from Handlebars being susceptible to Remote Code Execution (RCE) attacks when certain compilation options are selected to compile templates from untrusted...
Pluck cross-site scripting vulnerability (CNVD-2018-25042)
Pluck is a simple content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in Pluck version 4.7.7. A remote attacker can exploit this vulnerability by sending the 'title' field to the admin.php?action=editpage&page=14253123 URL to execute malicious script...
phpMyAdmin XSRF/CSRF Vulnerability (PMASA-2017-9) - Windows
phpMyAdmin is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
openSUSE Security Update : phpMyAdmin (openSUSE-2017-1421)
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvement...
Security update for phpMyAdmin (important)
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvements...
Security update for phpMyAdmin (important)
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvements...
WP ProPlayer plugin <= 4.7.7 injection vulnerability - vulnerability warning - the black bar safety net
Exploit Title: ProPlayer plugin tablePrefix."proplayerplaylist WHERE POSTID='$id'"; $playlistRow = mysqlfetchrow$query; return $this-withBackwardCompatibility$playlistRow2; ... if ! empty$GET"ppplaylistid" header"Content-type: application/xml"; $xml =...