IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. Date published : 2020-02-25 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. Date published : 2020-02-25 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. Date published : 2020-02-25 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. Date published : 2020-02-25 ISPConfig 3.1.15p3 Released – Security Bugfix Release
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. Date published : 2020-02-25 Pricing Table by Supsystic
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. Date published : 2020-02-25 Pricing Table by Supsystic
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the...
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2....
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to...
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by...
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed...
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. Date published : 2020-02-25 https://cert.ikiu.ac.ir/public-files/pages/attachments/11/a1f0e3e5aa9ba583298d03758b8ae95c.pdf https://uploadboy.com/uhxq91nuxd6d/423/mp4
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. Date published : 2020-02-25 https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf https://uploadboy.com/7njf43f167is/384/mp4
LiteCart through 2.2.1 allows CSV injection via a customer’s profile. Date published : 2020-02-25 https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf https://uploadboy.com/7njf43f167is/384/mp4