42 matches found
CVE-2025-26907
CVE-2025-26907 affects the Estatik Mortgage Calculator (WordPress plugin) with affected versions listed as
WordPress Estatik Mortgage Calculator plugin <= 2.0.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Mortgage Calculator Estatik versions = 2.0.12...
CVE-2024-10872
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template-post-custom-field block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
WordPress plugin Getwid – Gutenberg Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
PT-2024-16605 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.12 Description: The issue is related to Stored Cross-Site Scripting via the template-post-custom-field block due to insufficient input sanitization and output...
WordPress plugin Aruba HiSpeed Cache 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress Futurio Extra Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)
Software Futurio Extra Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50446 Patch priority Low CVSS severity Low 6.5 Developer FuturioWP PSID 570d24a78861 Credits João Pedro S Alcântara Kinorth Required...
WordPress PropertyHive plugin <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin PropertyHive versions = 2.0.12...
AZL-31746 CVE-2023-46316 affecting package traceroute for versions less than 2.1.3-1
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...
UBUNTU-CVE-2023-46316
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...
Cross site scripting
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
go-admin 信任管理问题漏洞
go-admin is go-admin-team open source based on Gin + Vue + Element UI front-end and back-end separation of permissions management system . A security vulnerability exists in go-admin also known as GO Admin version 2.0.12, which originated from its use of the string "go-admin" as the production...
JasPer 'jpc_dec.c' Null Pointer Reference Denial of Service Vulnerability
JasPer is a Canadian software developer Michael Adams developed an open source implementation of the JPEG-2000 codec. A security vulnerability exists in the 'jp2encode' function in JasPer version 2.0.12. An attacker could exploit this vulnerability to cause a denial of service...
SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1174-1)
Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed : - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in...
[slackware-security] seamonkey
New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/seamonkey-2.0.12-i486-1slack13.1.txz: Upgraded. This release fixes some more security vulnerabilities. For more...
pmwikiXSS.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0005 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ PmWiki 2.0.12 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT...
phpBB Fetch All < 2.0.12 SQLi Vulnerability
phpBB Fetch All is prone to a SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb";...
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial)
No description provided by source. 1. Register at forum? 2. Log in with account + UNCHECK "Log in automatically" 3. Close browser to be sure a cookie is made. 4. Locate cookie firefox: X:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\profile.default\cookies.txt -- search t...
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
----------------------------------- phpBB 2.0.12 Session Handling Administrator Authentication Bypass EXPLOIT -SIMPLIFIED- - By PPC^Rebyte ----------------------------------- 03maa2005 NEDERLANDSE VERSIE ONDERAAN / DUTCH VERSION BELOW ENGLISH VERSION Status phpBB has already been informed about...
[SA14413] phpBB "autologinid" Security Bypass
---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...