Lucene search
+L

339 matches found

Patchstack
Patchstack
added 2020/09/16 12:0 a.m.7 views

WordPress WC Marketplace plugin <= 3.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Jerome Bruandet NinTechNet in WordPress WC Marketplace plugin versions = 3.5.7. Solution Update the WordPress WC Marketplace plugin to the latest available version at least 3.5.8...

3.4AI score
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/03 5:6 p.m.5 views

@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)

@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

5.8AI score
Exploits0
NVD
NVD
added 2020/04/01 5:15 p.m.24 views

CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...

10CVSS9.8AI score0.02601EPSS
Exploits0References1
OSV
OSV
added 2019/05/20 8:29 p.m.4 views

CVE-2019-12241

The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php...

9.8CVSS7.3AI score
Exploits0References2
Openbugbounty
Openbugbounty
added 2017/11/03 2:39 a.m.7 views

wc-advisor.com XSS vulnerability

Open Bug Bounty ID: OBB-389074 Description| Value ---|--- Affected Website:| wc-advisor.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.3AI score
Exploits0
Veracode
Veracode
added 2017/07/30 7:18 a.m.17 views

Cross-site Scripting (XSS)

woocommerce is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the range parameter in the wc-reports page...

4.3CVSS5.8AI score0.02023EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2017/07/28 6:27 a.m.25 views

Cross-Site Scripting (XSS)

woocommerce is vulnerable to cross-site scripting XSS attacks. The attacks can be launched because wp-admin/admin.php does not sanitize the QUERYSTRING in the wc-reports page...

4.3CVSS5.3AI score0.02041EPSS
Exploits1References6Affected Software1
Broadcom
Broadcom
added 2017/06/23 12:0 a.m.15 views

BSA-2017-332

Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBMSDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker coul...

8.2CVSS7AI score0.03632EPSS
Exploits0
OSV
OSV
added 2017/05/22 4:29 p.m.5 views

CVE-2017-2161

FlashAirTM SDHC Memory Card SD-WE Series V3.00.02 and earlier and FlashAirTM SDHC Memory Card SD-WD/WC Series V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors...

3.5CVSS5.8AI score0.00447EPSS
Exploits0References3
Prion
Prion
added 2017/05/22 4:29 p.m.12 views

Authentication flaw

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II...

3.3CVSS7.3AI score0.00711EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/05/22 4:0 p.m.47 views

CVE-2016-4863

CVE-2016-4863 concerns Toshiba FlashAir cards (SD-WD/WC class 6; SD-WD/WC class 10 W-02; WE-class W-03; FlashAir II/III W-02/W-03 series) where enabling Internet pass-thru Mode allows authenticationless connections from the STA LAN. The root cause is that the device does not require authenticatio...

4.3CVSS4.7AI score0.00711EPSS
Exploits0References3Affected Software1
hackapp
hackapp
added 2016/04/01 9:11 a.m.8 views

WC-Finder Deutschland - External URLs, MIT license, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application WC-Finder Deutschland published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/02/26 12:0 a.m.5 views

WordPress plugin WooCommerce cross-site scripting vulnerability (CNVD-2015-01281)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

4.3CVSS6AI score0.02041EPSS
Exploits1References1
Prion
Prion
added 2014/10/14 2:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...

4.3CVSS6.3AI score0.02023EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/12/10 12:0 a.m.37 views

Scientific Linux Security Update : busybox on SL6.x i386/x86_64 (20131121)

It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree. CVE-2013-1813 This update also fixes the following bugs : - Previously, due to ...

7.2CVSS5.6AI score0.00623EPSS
Exploits5References2
Oracle linux
Oracle linux
added 2013/11/25 12:0 a.m.44 views

busybox security and bug fix update

1:1.15.1-20 - Resolves: 855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. There was another place in uclibc this time which used UDP. 1:1.15.1-19 - Resolves: 1015010 'busybox: insecure directory permissions in /dev'...

7.2CVSS1AI score0.00623EPSS
Exploits5
OpenVAS
OpenVAS
added 2013/11/21 12:0 a.m.37 views

RedHat Update for busybox RHSA-2013:1732-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS8.7AI score0.00623EPSS
Exploits5References2
NVD
NVD
added 2004/12/31 5:0 a.m.21 views

CVE-2004-1773

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via 1 long output from wc to shar, or 2 unknown vectors in unshar...

7.5CVSS7.4AI score0.02992EPSS
Exploits0References5
OSV
OSV
added 2004/12/31 5:0 a.m.5 views

CVE-2004-1773

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via 1 long output from wc to shar, or 2 unknown vectors in unshar...

7.4AI score
Exploits0References6
Rows per page
Query Builder