XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html File Manager
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html File Manager
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1...
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this...
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator....
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader...
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. Date published...
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system....
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force...