Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-38360: Vulnerability Advisories - Wordfence

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.

CVE

Related news

CVE-2021-3906: Update ImageRepo.php · BookStackApp/BookStack@64937ab

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

CVE-2021-22535: Potential information disclosure vulnerability (CVE-2021-22535)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

CVE-2021-39404: GitHub - mari0x00/MaianAffiliate-Code-execution-and-XSS

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.

CVE-2021-39339: Vulnerability Advisories - Wordfence

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.

CVE-2021-32265: A global-buffer-overflow in Ap4ByteStream.cpp:783:5 · Issue #545 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.

CVE-2021-32268: A heap-buffer-overflow in box_dump.c:350 · Issue #1587 · gpac/gpac

Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac through 20200801, allows attackers to execute arbitrary code.

CVE-2021-32294: A heap-buffer-overflow in RIFF.cpp:1151 · Issue #1 · drbye78/libgig

An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.

CVE-2021-39327: Vulnerability Advisories - Wordfence

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

CVE-2021-41054: atftp / Code / Commit [d255bf]

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

CVE-2021-33362: fixed #1780 (fuzz) · gpac/gpac@1273cdc

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32137: [security]heap buffer overflow in MP4Box URL_GetProtocolType · Issue #1766 · gpac/gpac

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32136: [security]heap buffer overlow in MP4Box print_udta · Issue #1765 · gpac/gpac

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-38338: Vulnerability Advisories - Wordfence

The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

CVE-2021-38320: Vulnerability Advisories - Wordfence

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0.

CVE-2021-38319: Vulnerability Advisories - Wordfence

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

CVE-2021-38324: Vulnerability Advisories - Wordfence

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

CVE-2020-0570: 1800604 – (CVE-2020-0570) CVE-2020-0570 qt: files placed by attacker can influence the working directory and lead to malicious code execution

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907