4145 matches found
WordPress VR Calendar <=2.3.2 - Remote Code Execution
WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without...
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...
WCFM Membership <= 2.10.0 - Broken Access Control
The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...
WordPress WooCommerce <3.1.2 - Arbitrary Function Call
WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary...
Jira Netic Group Export <1.0.3 - Missing Authorization
Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a...
WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model. id: CVE-2022-29455 info: name: WordPress Elementor Website Builder = 3.5.5 - DOM Cross-Site Scripting author: rotembar,daffainfo severity: medium...
MicroStrategy Library <11.1.3 - Cross-Site Scripting
MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export
includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...
GitLab Enterprise Edition - Server-Side Request Forgery
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...
osTicket < 1.12.1 - Cross-Site Scripting
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI = 9.3.3 exposes a script /scripts/unlocktasks.php that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...
DOMOS 5.5 - Local File Inclusion
SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. id: CVE-2019-18665 info: name: DOMOS 5.5 - Local File Inclusion author: 0xAkoko severity: high description: | SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. impact: | Successful exploitation of this...
qdPM 9.1 - Cross-site Scripting
qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...
phpMyAdmin <4.8.5 - Local File Inclusion
phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfi...
Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption Billion Laughs attack, leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...
HotelDruid 2.3.0 - Cross-Site Scripting
HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizzatabelle.php. id: CVE-2019-8937 info: name: HotelDruid 2.3.0 - Cross-Site Scripting author: LogicalHunte...
Allied Telesis AT-GS950/8 - Local File Inclusion
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface. id: CVE-2019-18922 info: name: Allied Telesis AT-GS950/8 - Local File Inclusion author: 0xAkoko severity: high description: | Allied Telesis AT-GS950/8 until Firmware AT-S107...
Lansweeper Unauthenticated SQL Injection
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. id: CVE-2019-13462 info: name: Lansweeper Unauthenticated SQL Injection author: divyamudgal severity: critical description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. impact: | This vulnerability can lead to...
WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
Huawei Firewall - Local File Inclusion
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...
TOTOLINK Realtek SD Routers - Remote Command Injection
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...
Jenkins <=2.196 - Cookie Exposure
Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. id: CVE-2019-10405...
LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. id: CVE-2019-3911 info: name: LabKey Server Communi...
WordPress Yuzo <5.12.94 - Cross-Site Scripting
WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can consequently inje...
Custom 404 Pro < 3.2.8 - Cross-Site Scripting
Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
PHPSHE 1.7 - SQL Injection
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. id: CVE-2019-9762 info: name: PHPSHE 1.7 - SQL Injection author: DhiyaneshDK severity: critical description: | A SQL Injection was...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...
Genie Access WIP3BVAF IP Camera - Local File Inclusion
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow. id: CVE-2019-7315 info: name: Genie Access WIP3BVAF IP Camera - Local File Inclusion author: 0xAkoko severity: hi...
LiveZilla Server 8.0.1.0 - Cross-Site Scripting
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. id: CVE-2019-12962 info: name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting author: Clment Cruchet severity: medium description: | LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. impact: |...
Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...
WordPress API Bearer Auth <20190907 - Cross-Site Scripting
WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php. id: CVE-2019-16332 info: name: WordPress API Bearer Auth 20190907 - Cross-Site Scripting author: daffainfo severity: medium...
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
Zeroshell 3.9.0 - Remote Command Execution
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. id: CVE-2019-12725 info...
MindPalette NateMail 3.0.15 - Cross-Site Scripting
MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note...
WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...
LabKey Server Community Edition <18.3.0 - Open Redirect
LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...
WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...
Metinfo 7.0.0 beta - SQL Injection
Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter. id: CVE-2019-16996 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...
DomainMOD <=4.13.0 - Cross-Site Scripting
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters. id: CVE-2019-15811 info: name: DomainMOD =4.13.1 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47325 -...
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. id: CVE-2018-18775 info: name: Microstrategy Web 7 - Cross-Site Scripting author: 0xAkoko severity: medium description: Microstrategy Web 7 does not...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...
Seagate NAS OS 4.3.15.1 - Open Redirect
Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. id: CVE-2018-12300 info: name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0xAkoko severity: medium...
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting XSS issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...