288 matches found
Wordpress plugin Advanced Contact form 7 DB 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin Cloak Front End Email 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
YMFE YApi 跨站脚本漏洞
YMFE YApi is a visual interface management platform from YMFE Corporation. A security vulnerability exists in YMFE YApi version 1.9.1. An attacker can exploit this vulnerability to execute arbitrary code via the /interface/api edit page...
PT-2023-12296 · Yapi · Yapi
Name of the Vulnerable Software and Affected Versions: yapi version 1.9.1 Description: A Cross Site Scripting XSS issue allows attackers to execute arbitrary code via the "interface/api" edit page. Recommendations: For yapi version 1.9.1, update to a newer version that contains a fix for this iss...
WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Cloak Front End Email Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...
PYSEC-2023-14
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site...
PT-2022-23055 · Github · @Actions/Core
Name of the Vulnerable Software and Affected Versions: @actions/core versions prior to v1.9.1 Description: The core.exportVariable function uses a well-known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that writ...
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
CVE-2022-24294
A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
PT-2022-3914
Name of the Vulnerable Software and Affected Versions Apache MXNet versions prior to 1.9.1 Description A regular expression used in Apache MXNet is vulnerable to a potential denial-of-service by excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet that...
qdPM 9.1 - Remote Code Execution (Authenticated) Exploit
Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett thepcn3rd Vendor...
au.net.causal.projo:projo (>=1.0 <=1.1), au.net.causal.projo:projo-jodatime (>=1.0 <=1.1) +1208 more potentially affected by CVE-2014-9970 via org.jasypt:jasypt (>=1.0 <=1.9.1)
org.jasypt:jasypt MAVEN version =1.0, =1.0, =1.0, =1.0, =1.0, =0.1, =0.1, =4.4-4, =6.0-2, =4.4-19, =4.4-5, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.5.1-rc-8 and more Source cves: CVE-2014-9970 Source advisory: OSV:GHSA-R5C2-RXH2-F5H2...
CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
CVE-2022-24837 Enumerable upload file names in hedgedoc
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
HedgeDoc 代码问题漏洞
Hedgedoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the Hedgedoc team. A security vulnerability exists in HedgeDoc version 1.9.1 and later versions, which stems from an uploaded image having an enumerable filename after uploading, resulting in the...
CVE-2022-0701
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. PoC curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...
POChouse
Based on the provided context, here is a summary of the analysis: Classification: Apache Flink 1.9.x has a vulnerability that allows for arbitrary command execution and reverse shell through malicious JAR package upload. Affected Version: = 1.9.1 POC: The proof-of-concept POC code is written in...
GHSA-H6MQ-3CJ6-H738 Reverse Tabnabbing in showdown
Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation Upgrade to version 1.9.1 or lat...