CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. Devamını Oku
Devamını oku
CVE-2019-16864
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. Devamını Oku
CVE-2021-39079
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. Devamını Oku
CVE-2021-39080
Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. Devamını Oku
CVE-2021-25033
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue Devamını Oku
CVE-2021-25050
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Devamını Oku
CVE-2021-25107
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin Devamını Oku
CVE-2021-25109
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. Devamını Oku
CVE-2021-25110
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address. Devamını Oku
CVE-2021-25115
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. Devamını Oku
CVE-2021-25050 (remove_footer_credit)
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Devamını Oku
CVE-2021-25115 (wp_photo_album_plus)
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. Devamını Oku