Lucene search
K

156 matches found

OSV
OSV
added 2023/06/22 9:15 a.m.4 views

CVE-2023-27618

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in AGILELOGIX Store Locator WordPress plugin = 1.4.9 versions...

4.8CVSS7.3AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/22 12:0 a.m.6 views

WordPress plugin Store Locator WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.4AI score0.00396EPSS
Exploits0References2
Prion
Prion
added 2023/03/30 5:15 a.m.49 views

Design/Logic Flaw

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5CVSS5.3AI score0.01695EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2023/03/30 5:0 a.m.31 views

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5.3CVSS5.5AI score0.01695EPSS
Exploits1References10
Patchstack
Patchstack
added 2023/03/20 12:0 a.m.11 views

WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Store Locator WordPress Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.4.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-27618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa355c2bcc3a Credits Abdi Pranata...

5.9CVSS6.3AI score0.00396EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.6 views

WordPress plugin Store Locator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/02/20 12:0 a.m.1 views

PT-2021-15655 · Facebook +5 · Zstandard +5

Name of the Vulnerable Software and Affected Versions: Zstandard command-line utility versions 1.4.1 through 1.4.9 Description: The issue arises from an incomplete fix, resulting in output files being created with default permissions before being restricted. This momentary lapse allows unintended...

5.5CVSS4.9AI score0.00431EPSS
Exploits1References44
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.7 views

Spotweb SQL Injection Vulnerability

Spotweb is a Php-based Soptnet client from the Spotweb team that follows the Spotnet protocol. Spotweb 1.4.9 suffers from a SQL injection vulnerability that stems from an inadequate notAllowedCommands protection mechanism...

9.8CVSS7.4AI score0.01035EPSS
Exploits0References2
OSV
OSV
added 2020/12/17 8:15 p.m.16 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2020/12/17 8:15 p.m.4 views

UBUNTU-CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8CVSS7.4AI score0.03803EPSS
Exploits2References3
OSV
OSV
added 2019/12/18 6:30 p.m.8 views

DRUPAL-CORE-2019-012

The Drupal project uses the third-party library Archive\Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The late...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/12/03 12:0 a.m.29 views

Debian DLA-2005-1 : tnef security update

In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. For Debian 8 'Jessie', this problem has been fixed in version...

5.5CVSS6.2AI score0.01203EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/11/30 12:0 a.m.19 views

Debian: Security Advisory (DLA-2005-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.01203EPSS
Exploits1References3
CNVD
CNVD
added 2019/11/11 12:0 a.m.5 views

Amazon FreeRTOS for AWS Input Validation Error Vulnerability

Amazon FreeRTOS is an open source operating system for microcontrollers from Amazon USA. An input validation error vulnerability exists in Amazon FreeRTOS v1.4.8 and earlier versions for AWS. The vulnerability stems from the program not checking the length of prvProcessReceivedPublish. An attacke...

7.5CVSS6.7AI score0.0119EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/07/18 12:0 a.m.6 views

PT-2019-13434 · Wpeverest +1 · Everest Forms +1

Name of the Vulnerable Software and Affected Versions: WPEverest Everest Forms plugin for WordPress versions through 1.4.9 Description: A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. This coul...

9.8CVSS9.9AI score0.02581EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2017/05/31 12:0 a.m.22 views

Debian: Security Advisory (DSA-3869-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.01934EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/02/28 12:0 a.m.18 views

Debian: Security Advisory (DSA-3798-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.0154EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/02/28 12:0 a.m.43 views

Debian DLA-839-2 : tnef regression update

While fixing the above mentioned CVEs, upstream introduced a regression. The new patches added for this upload take care of that. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.9-1+deb7u2. We recommend that you upgrade your tnef packages. NOTE: Tenable Network Security has...

7.8CVSS7.4AI score0.0154EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2016/05/20 12:0 a.m.29 views

openSUSE Security Update : imlib2 (openSUSE-2016-600)

This imlib2 update to version 1.4.9 fixes the following issues : Security issues fixed : - CVE-2011-5326: divide by 0 when drawing an ellipse of height 1 boo974202 - CVE-2014-9762: segmentation fault on images without colormap boo963796 - CVE-2014-9764: segmentation fault when opening specificall...

9.8CVSS7.4AI score0.05839EPSS
Exploits0References16
OSV
OSV
added 2016/05/17 2:8 p.m.4 views

DEBIAN-CVE-2016-3674

Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...

7.5CVSS7AI score0.08179EPSS
Exploits0References1
Rows per page
Query Builder