Show filters
28 Total Results
Displaying 11-20 of 28
Sort by:
Attacker Value
Unknown

CVE-2023-5884

Disclosure Date: December 04, 2023 (last updated December 09, 2023)
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49030

Disclosure Date: November 27, 2023 (last updated December 02, 2023)
SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-2223

Disclosure Date: May 30, 2023 (last updated October 08, 2023)
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-4751

Disclosure Date: January 23, 2023 (last updated October 08, 2023)
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-31399

Disclosure Date: August 13, 2021 (last updated February 23, 2025)
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-3515

Disclosure Date: June 01, 2021 (last updated February 22, 2025)
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().
Attack Vector: LocalPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-3882

Disclosure Date: June 25, 2014 (last updated October 05, 2023)
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
0
0
Attacker Value
Unknown

CVE-2010-4793

Disclosure Date: April 27, 2011 (last updated October 04, 2023)
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
0
0
Attacker Value
Unknown

CVE-2010-4635

Disclosure Date: December 30, 2010 (last updated October 04, 2023)
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
0
0
Attacker Value
Unknown

CVE-2010-4636

Disclosure Date: December 30, 2010 (last updated October 04, 2023)
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
0
0
View More Topics  < Previous  Next >