Tips Security Vulnerabilities


CVE-2024-33591

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-04-29 10:15 AM
24

CVE-2023-48285

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection. This issue affects Stripe Payments: from n/a through...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-06-04 11:15 AM
1

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
37

CVE-2022-47588

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through...

9.8CVSS

9.7AI Score

0.001EPSS

2023-11-03 12:15 PM
16

CVE-2022-47163

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6...

7.5CVSS

7.6AI Score

0.001EPSS

2023-03-14 07:15 AM
19

CVE-2023-22685

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2...

5.9CVSS

4.9AI Score

0.0005EPSS

2023-05-12 04:15 PM
26

CVE-2023-22691

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-03 08:15 AM
14

CVE-2021-20782

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified...

8.8CVSS

8.8AI Score

0.002EPSS

2021-07-14 02:15 AM
72
4

CVE-2020-5651

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted...

8.8CVSS

9.1AI Score

0.002EPSS

2020-10-21 04:15 PM
25

CVE-2020-5650

Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified...

6.1CVSS

6.3AI Score

0.001EPSS

2020-10-21 04:15 PM
23

CVE-2015-0895

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status...

7.3AI Score

0.002EPSS

2015-03-07 02:59 AM
18

CVE-2015-0894

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified...

8.7AI Score

0.001EPSS

2015-03-07 02:59 AM
23

CVE-2014-7604

The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6AI Score

0.0005EPSS

2014-10-20 10:55 AM
17

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged...

8.3AI Score

0.002EPSS

2014-10-02 02:55 PM
32

CVE-2014-5750

The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6AI Score

0.0005EPSS

2014-09-09 10:55 AM
17

CVE-2010-4968

SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to...

8.8AI Score

0.001EPSS

2011-11-01 10:55 PM
20

CVE-2010-4936

SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to...

8.7AI Score

0.001EPSS

2011-10-09 10:55 AM
17

CVE-2007-5410

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site...

7.7AI Score

0.054EPSS

2007-10-12 06:17 PM
25

CVE-2007-5363

PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown;.....

7.3AI Score

0.02EPSS

2007-10-11 01:17 AM
28

CVE-2007-5065

PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site...

7.6AI Score

0.03EPSS

2007-09-24 10:17 PM
24

CVE-2004-1101

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a /...

6.6AI Score

0.013EPSS

2005-01-10 05:00 AM
24

CVE-2004-1100

Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append...

6.4AI Score

0.003EPSS

2005-01-10 05:00 AM
29

CVE-2004-1102

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive...

7.3AI Score

0.029EPSS

2005-01-10 05:00 AM
26

CVE-2004-1103

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server...

7.1AI Score

0.005EPSS

2005-01-10 05:00 AM
25