EUVD-2022-6226

Malicious code in bioql PyPI...

WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure vulnerability

Missing Authorization to Password Protected Post Disclosure vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions = 5.2.7...

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8...

CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Path Traversal

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-8704 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 6882269240d3 Credits TANG Cheuk Hei siunam Required...

PT-2024-38815 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The issue allows authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary...

WordPress plugin Advanced File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Magic Post Thumbnail Plugin < 5.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Magic Post Thumbnail Type Plugin Vulnerable versions 5.2.8 Fixed in 5.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6724 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 20883b9f1f02 Credits Kieran Burge Required...

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8...

WordPress plugin The Plus Addons for Elementor Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

Cross site scripting

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

WordPress Smart Variations Images & Swatches for WooCommerce Plugin < 5.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Smart Variations Images & Swatches for WooCommerce Type Plugin Vulnerable versions 5.2.8 Fixed in 5.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8c57c7b671c4 Credits...

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...

CVE-2022-36272

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...

PT-2022-23287 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.8 Description: A SQL injection issue was found in the /mdiy/page/verify URI via the fieldName parameter. This allows for potential exploitation. Recommendations: For Mingsoft MCMS version 5.2.8, avoid using the...

CVE-2022-31943

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...

MingSoft MCMS 代码问题漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS v5.2.8, which contains an arbitrary file upload vulnerability...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs. Vulnerability Details CVEID:...

Linux Kernel Null Pointer Dereference Vulnerability (CNVD-2019-38263)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in drivers/net/wireless/ath/ath6kl/usb.c in Linux kernel 5.2.8 and...

IBM Tivoli Storage Productivity Center and IBM Spectrum Control Cross-Site Scripting Vulnerability

IBM Tivoli Storage Productivity Center and IBM Spectrum Control are both storage resource management software from IBM USA. A cross-site scripting vulnerability exists in IBM Tivoli Storage Productivity Center versions 5.2.0 through 5.2.7.1 and IBM Spectrum Control versions 5.2.8 through 5.2.11. ...