WordPress File Upload is a WordPress plugin with more than 20.000 active installations. Version 4.3.2 (and possibly previous versions) is affected by a Stored XSS vulnerability in the admin panel, related to the 'Uploader Instances' functionality. To exploit the vulnerability, an attacker must log in to the admin panel, access the WordPress File Upload Control Panel, choose and edit a created Instance, and inject an XSS pattern such as <script>alert('ManhNho')</script> into the Plugin ID field. Accessing Pages/Posts containing the upload option will then trigger the alert.
A type confusion vulnerability exists in the V8 JavaScript engine due to incorrect optimization in the LoadElimination::ReduceTransitionElementsKind function. This flaw may cause CheckMap instructions to be removed incorrectly, allowing an attacker to access memory locations that should not be accessible. A proof-of-concept (PoC) demonstrating type confusion is provided in the text.
DELL EMC Avamar fails to restrict access to the Configuration section that lets administrators set up Installation Manager configurations or check for new packages from the Online Support site. An unauthenticated, remote attacker could add an Online Support Account for DELL EMC without any user interaction, allowing the attacker to download and install packages from the DELL EMC Online Support site.
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the 'Site Description' and 'Site Title' fields. An attacker can inject malicious JavaScript code into the 'Site Description' and 'Site Title' fields, which will be executed in the browser of the victim when the page is loaded.
A vulnerability exists in the plugin Google Drive for WordPress 2.2, where the $_POST['file_name'] parameter is not escaped, allowing an attacker to send malicious form data and execute arbitrary code. No login is required to exploit this vulnerability.
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. An attacker can send a malicious request to the vulnerable page and execute arbitrary JavaScript code in the victim's browser.
A vulnerability exists in the plugin BuddyPress Xprofile Custom Fields Type 2.6.3, where the $_POST[ 'field_' . $field_id . '_hiddenfile' ] and $_POST[ 'field_' . $field_id . '_deleteimg' ] parameters are not escaped, allowing an attacker to execute arbitrary code. An attacker can exploit this vulnerability by logging in as a regular user, accessing the Edit Profile page, registering data with an image, and then changing the parameter to delete the image in the HTML and saving the profile.
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server.
Activity Log is a WordPress plugin which tracks site activity. It has more than 70.000 active installations. Version 2.4.0 (and possibly the previous ones) is affected by several Stored XSS vulnerabilities. To successfully exploit these vulnerabilities, an attacker would have to perform any of the following: create/edit/draft/publish/trash/untrash a post with JavaScript in the title; create/edit/trash/untrash/mark_as_spam/unmark_as_spam a comment on a post with JavaScript in the title; add/edit/delete an attachment with JavaScript in the attachment title. Regular website visitors will not have the capability to do any of these. However, possible threat actors are: Administrators, Editors, Authors, Contributors.
Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering a client's logon request, the vault discloses around 50 bytes of its memory to the client.