6 matches found
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue...
CVE-2024-12682 Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
phpIPAM SQL injection vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A SQL injection vulnerability exists in phpIPAM versions prior to 1.5.2. An attacker can exploit this vulnerability to perform SQL injection attacks...
openSUSE Tumbleweed authorization issue vulnerability
openSUSE Tumbleweed is an open source system from the openSUSE project. A security vulnerability exists in openSUSE Tumbleweed versions prior to 1.5.2-6.1, which stems from the pam_access.so module not properly restricting logins if a user attempts to connect from an IP address that is not...
ronomon command injection vulnerability
ronomon is an open source, fast and powerful encoder/decoder for RFC 2045 and RFC 2047, used for buffers in pure JavaScript with optional C++ bindings. A command injection vulnerability exists in ronomon/opened library versions prior to 1.5.2, which can be exploited by remote attackers to execute...
PYSEC-2017-8
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...