Simon Security Vulnerabilities
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4...
7.1CVSS
6AI Score
0.0005EPSS
Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.001EPSS
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party...
8.6AI Score
0.005EPSS
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when...
5.9AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third...
8.3AI Score
0.004EPSS
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually...
7.5CVSS
5.4AI Score
0.003EPSS
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download...
9.8CVSS
9.5AI Score
0.016EPSS
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer...
9.8AI Score
0.021EPSS
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the...
5.5AI Score
0.0004EPSS
A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted...
6.3AI Score
0.006EPSS
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle...
6.3AI Score
0.005EPSS
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the.....
7.7AI Score
0.027EPSS
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting....
7.3AI Score
0.015EPSS
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA...
5.9AI Score
0.0004EPSS
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a...
6.5AI Score
0.015EPSS
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified...
7.1AI Score
0.002EPSS
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted...
6.8AI Score
0.016EPSS
Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.9AI Score
0.004EPSS
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain...
6.6AI Score
0.0004EPSS
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party...
7.4AI Score
0.012EPSS
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than...
8.4AI Score
0.002EPSS
Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2)...
7.9AI Score
0.026EPSS
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3)...
5.9AI Score
0.003EPSS
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands.....
8AI Score
0.022EPSS
Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query...
6AI Score
0.004EPSS
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log...
8.2AI Score
0.018EPSS
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot)...
6.9AI Score
0.009EPSS