Tag
#webkit
Global Multi School Management System Express version 1.0 suffers from a remote SQL injection vulnerability.
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.
WordPress Core version 5.6.2 appears to suffer from an XPath injection vulnerability via the log parameter.
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5 allows attackers to execute arbitrary code via a crafted user_login.
File upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module.
Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.
Webedition CMS version 2.9.8.8 suffers from a persistent cross site scripting vulnerability.