| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.
This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. |
| Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. |
| Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. |
| Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection.
This issue affects GIFT4U: from n/a through 1.0.10. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection.
This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. |
| Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects JobBank: from n/a through 1.2.3. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3. |
| Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5. |
| Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.
This issue affects The Hospital: from n/a through 1.8.1. |
| Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Shareaholic: from n/a through 9.7.11. |
| Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Integrate Google Drive: from n/a through 1.3.8. |
| Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects iPages Flipbook: from n/a through 1.5.1. |
| Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
This issue affects Widget Options: from n/a through 4.0.1. |
| Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw() |
| A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to read past the end of the 512-byte raw header stack buffer and to write past the destination header buffer. A remote attacker who supplies a crafted TAR archive that the victim opens or parses (via mtar_open(), mtar_read_header(), or mtar_find()) can cause an out-of-bounds read and a stack buffer overflow, resulting in denial of service (crash) and potentially arbitrary code execution. Confirmed with AddressSanitizer: stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection.
This issue affects SureDash: from n/a through 1.8.0. |
