14 vulnerabilities found
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiated r
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' param
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper aut
[local] NetBT e-Fatura - Privilege Escalation
[webapps] D-Link DIR-650IN - Authenticated Command Injection
basic-ftp has FTP Command Injection via CRLF
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
[webapps] WeGIA 3.5.0 - SQL Injection
[local] glibc 2.38 - Buffer Overflow
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection