156 matches found
CVE-2023-27618
Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in AGILELOGIX Store Locator WordPress plugin = 1.4.9 versions...
WordPress plugin Store Locator WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Design/Logic Flaw
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...
CVE-2023-26118
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...
WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Store Locator WordPress Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.4.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-27618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa355c2bcc3a Credits Abdi Pranata...
WordPress plugin Store Locator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2021-15655 · Facebook +5 · Zstandard +5
Name of the Vulnerable Software and Affected Versions: Zstandard command-line utility versions 1.4.1 through 1.4.9 Description: The issue arises from an incomplete fix, resulting in output files being created with default permissions before being restricted. This momentary lapse allows unintended...
Spotweb SQL Injection Vulnerability
Spotweb is a Php-based Soptnet client from the Spotweb team that follows the Spotnet protocol. Spotweb 1.4.9 suffers from a SQL injection vulnerability that stems from an inadequate notAllowedCommands protection mechanism...
CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
UBUNTU-CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
DRUPAL-CORE-2019-012
The Drupal project uses the third-party library Archive\Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The late...
Debian DLA-2005-1 : tnef security update
In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. For Debian 8 'Jessie', this problem has been fixed in version...
Debian: Security Advisory (DLA-2005-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon FreeRTOS for AWS Input Validation Error Vulnerability
Amazon FreeRTOS is an open source operating system for microcontrollers from Amazon USA. An input validation error vulnerability exists in Amazon FreeRTOS v1.4.8 and earlier versions for AWS. The vulnerability stems from the program not checking the length of prvProcessReceivedPublish. An attacke...
PT-2019-13434 · Wpeverest +1 · Everest Forms +1
Name of the Vulnerable Software and Affected Versions: WPEverest Everest Forms plugin for WordPress versions through 1.4.9 Description: A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. This coul...
Debian: Security Advisory (DSA-3869-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-3798-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-839-2 : tnef regression update
While fixing the above mentioned CVEs, upstream introduced a regression. The new patches added for this upload take care of that. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.9-1+deb7u2. We recommend that you upgrade your tnef packages. NOTE: Tenable Network Security has...
openSUSE Security Update : imlib2 (openSUSE-2016-600)
This imlib2 update to version 1.4.9 fixes the following issues : Security issues fixed : - CVE-2011-5326: divide by 0 when drawing an ellipse of height 1 boo974202 - CVE-2014-9762: segmentation fault on images without colormap boo963796 - CVE-2014-9764: segmentation fault when opening specificall...
DEBIAN-CVE-2016-3674
Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...