27 matches found
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...
WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure direct object references IDOR vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.6. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.7...
WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...
WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Vlad Vector Patchstack in WordPress Accordions plugin versions = 2.0.3. Solution Update the WordPress Accordions plugin to the latest available version at least 2.1.0...
WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability
Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector Patchstack in WordPress WPide plugin versions = 2.6. Solution Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...
WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress Download Manager plugin versions = 3.2.48. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...
WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack in WordPress Backup Migration plugin versions = 1.1.5. Solution Update the WordPress Backup Migration plugin to the latest available version at least 1.1.6...
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions = 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution Update the WordPress iQ Block Country plugin to the latest available versi...
WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack in WordPress Popular Posts plugin versions = 5.3.3. Solution Update the WordPress Popular Posts plugin to the latest available version at least 5.3.4...
Unspecified vulnerability in Vlad Tansky swiper
Vlad Tansky swiper is a Vlad Tansky open source application . Used in mobile websites , mobile Web applications and mobile native , hybrid applications . Vlad Tansky swiper 6.5.1 version of the previous security vulnerability , there is no detailed vulnerability details provided...
Vlad Tansky swiper 安全漏洞
Vlad Tansky swiper is a Vlad Tansky open source application . Used in mobile websites , mobile Web applications and mobile native , hybrid applications . Vlad Tansky swiper 6.5.1 version of the previous security vulnerability , there is no detailed vulnerability details provided...
vlad-cvet-met.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1106469 Security Researcher MrRain1996 Helped patch 952 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting vlad-cvet-met.ru website...
WordPress Realia plugin <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability
Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability found by Vlad Vector, Erwan LR in WordPress Realia plugin versions = 1.4. Solution 2020-12-03 - no patched version available, only note from WordPress plugin repository "This plugin has been closed as of August 14, 2020 and is...
Windows Kernel - Information Disclosure Vulnerability
PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...
Windows Kernel - Information Disclosure
Windows Kernel - Information Disclosure PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant ...
Microsoft Windows Kernel - Information Disclosure
PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...
Ubuntu: Security Advisory (USN-4095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.targethost...
Improper access control
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...
CVE-2009-2024
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...