65 matches found
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery
Description The WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing or incorrect nonce validation on several functions. This...
WordPress Web Accessibility By accessiBe Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)
Software Web Accessibility By accessiBe Type Plugin Vulnerable versions = 1.15 Fixed in 1.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c7254c9aee27 Credits WordFence Required...
You can be tracked online using your Chrome browser extensions
A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the...
GHSA-2C28-7GWV-CPGF Mediawiki tarball is missing .htaccess files
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible...
PunBB 1.4.4 Database Disclosure
From https://j.ludost.net/blog/archives/2019/11/11/minorsecurityissueinpunbbwithsqlite/index.html Minor security issue in punbb with SQLite Georgi Guninski security advisory 76, 2019 Running punbb-master from https://github.com/punbb/punbb from Thu 07 Nov 2019 11:23:33 AM UTC Installing on...
CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."...
CVE-2018-13258
CVE-2018-13258 affects MediaWiki 1.31 prior to 1.31.1. The issue is that the tarball provided for distribution omits .htaccess files, which are intended to protect certain directories from public web access. As a result, directories that should not be web-accessible may be exposed. The vulnerabil...
USN-3112-1 thunderbird vulnerabilities
Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensiti...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...
AChecker 1.2 - Multiple Error-Based SQL Injection vulnerabilities
No description provided by source. AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility evaluation tool. It can be use...
AChecker 1.2 - Multiple Error-Based SQL Injection Vulnerabilities
AChecker 1.2 - Multiple Error-Based SQL Injection Vulnerabilities AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility...
ATutor AChecker 1.2 Cross Site Scripting / Path Disclosure
AChecker 1.2 Multiple Remote XSS/PD Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages base...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Exploit for php platform in category web applications Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages...
ATutor AChecker 1.2 SQL Injection
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of We...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...
AChecker 1.2 Multiple Remote XSS/PD Vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description AChecker suffers from multiple cross-site scripting and path disclosure vulnerabilities. Input thru...
AChecker 1.2 - Multiple Error-Based SQL Injection Vulnerabilities
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.2 build r530 Summary: AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of We...
Tradingeye E-commerce Shopping Cart Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Tradingeye Multiple Vulnerabilities Vendor: www.tradingeye.com Date: 12th july,2011 Author: $4d0//r007k17 a.k.a Raghavendra Karthik D http://www.shadowrootkit.wordpress.com Google Dork: Powered by Tradingeye. 2009 Tradingeye v6...
CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."...
CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."...