The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2....
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up...
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and...
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to...
The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and...
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. Date published : 2021-09-10 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. Date published : 2021-09-10 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user’s APIKEY without authentication. Date published : 2021-09-10 https://www.manageengine.com/products/desktop-central/help/introduction/release_notes.html https://www.manageengine.com/products/desktop-central/improper-access-control.html
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Date published : 2021-09-10 https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613 https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) Date published : 2021-09-10 https://huntr.dev/bounties/ef387a9e-ca3c-4c21-80e3-d34a6a896262 https://github.com/viking04/merge/commit/baba40332080b38b33840d2614df6d4142dedaf6
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s...
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the...
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the...