PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

WAVLINK WN530HG4 - Improper Access Control

Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-34049 info: name: WAVLINK WN530H...

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

CVE-2023-49243

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

CVE-2019-2959

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion component: Security Models. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting...

CVE-2019-2610

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2713

Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce subcomponent: Asset Manager. The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandisin...

CVE-2019-2748

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Application Server. Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2019-2701

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite subcomponent: Web Access. The supported version that is affected is 18.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...

CVE-2019-2930

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite component: Wireless. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field...

CVE-2019-2642

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2019-2794

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2019-2985

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2021-2059

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Web interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVE-2022-31039

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in...

CVE-2021-2118

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...