339 matches found
WordPress WC Marketplace plugin <= 3.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by Jerome Bruandet NinTechNet in WordPress WC Marketplace plugin versions = 3.5.7. Solution Update the WordPress WC Marketplace plugin to the latest available version at least 3.5.8...
@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)
@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...
CVE-2018-11106
NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...
CVE-2019-12241
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php...
wc-advisor.com XSS vulnerability
Open Bug Bounty ID: OBB-389074 Description| Value ---|--- Affected Website:| wc-advisor.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Cross-site Scripting (XSS)
woocommerce is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the range parameter in the wc-reports page...
Cross-Site Scripting (XSS)
woocommerce is vulnerable to cross-site scripting XSS attacks. The attacks can be launched because wp-admin/admin.php does not sanitize the QUERYSTRING in the wc-reports page...
BSA-2017-332
Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBMSDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker coul...
CVE-2017-2161
FlashAirTM SDHC Memory Card SD-WE Series V3.00.02 and earlier and FlashAirTM SDHC Memory Card SD-WD/WC Series V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors...
Authentication flaw
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II...
CVE-2016-4863
CVE-2016-4863 concerns Toshiba FlashAir cards (SD-WD/WC class 6; SD-WD/WC class 10 W-02; WE-class W-03; FlashAir II/III W-02/W-03 series) where enabling Internet pass-thru Mode allows authenticationless connections from the STA LAN. The root cause is that the device does not require authenticatio...
WC-Finder Deutschland - External URLs, MIT license, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application WC-Finder Deutschland published at the 'play' market has multiple vulnerabilities...
WordPress plugin WooCommerce cross-site scripting vulnerability (CNVD-2015-01281)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...
Cross site scripting
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...
Scientific Linux Security Update : busybox on SL6.x i386/x86_64 (20131121)
It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree. CVE-2013-1813 This update also fixes the following bugs : - Previously, due to ...
busybox security and bug fix update
1:1.15.1-20 - Resolves: 855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. There was another place in uclibc this time which used UDP. 1:1.15.1-19 - Resolves: 1015010 'busybox: insecure directory permissions in /dev'...
RedHat Update for busybox RHSA-2013:1732-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2004-1773
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via 1 long output from wc to shar, or 2 unknown vectors in unshar...
CVE-2004-1773
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via 1 long output from wc to shar, or 2 unknown vectors in unshar...