The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any…
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or…
Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. Zafiyet ile ilgili Genel Bilgi,…
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commandsâ€� service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak:…
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. Zafiyet ile ilgili…
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can…
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database