| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
| The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server. If 'allow_url_fopen' is set to 'On', it is possible to upload a remote file to the server. |
| The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. |
| A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. |
| A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. |
| A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. |
| A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. |
| A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. |
| A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. |
| A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. |
| A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. |
| A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. |
| A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/article_detail.php of the component Article Handler. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. |
| Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. |
| A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue. |
| Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0. |
