[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254802

 
 

909

 
 

198617

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 2296 Download | Alert*

lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.

ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extra ...

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

ALCASAR before 3.6.1 allows still_connected.php remote code execution.


Pages:      Start    11    12    13    14    15    16    17    18    19    20    21    22    23    24    ..   229

© SecPod Technologies