Handsome Testimonials & Reviews Project Security Vulnerabilities

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...

Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

Argo CD's API server does not enforce project sourceNamespaces in...

WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still.....

Exploit for Code Injection in Exiftool Project Exiftool

CVE-2021-22204 Exploit for CVE-2021-22204 (ExifTool) -...

Site Reviews < 7.0.0 - IP Spoofing

Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...

CVE-2024-4705 Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode

The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent...

CVE-2024-23900

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by....

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior...

CVE-2024-4705 Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode

The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...

ReviewX – Multi-criteria Rating & Reviews for WooCommerce < 1.6.28 - Missing Authorization

Description The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for...

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

{panel:bgColor=#e7f4fa} NOTE: This bug report is for JIRA Server. Using JIRA Cloud? [See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-34389]. {panel} Regression of JRA-4935 When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly....

CVE-2023-48715

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a....

CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting

The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Microsoft Project Installed (credentialed check)

Microsoft Project, a project management application, is installed on the remote Windows...

Freestyle Testimonials Component for Joomla! Unspecified SQLi

The version of the Freestyle Testimonials component for Joomla! running on the remote host is affected by an unspecified SQL injection vulnerability due to improper sanitization of user-supplied input before using it to construct database queries. An unauthenticated, remote attacker can exploit...

CVE-2022-36030

Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes...

PostNuke Reviews Module title Parameter XSS

The remote host is running a version of PostNuke that contains the 'Reviews' module, which itself is vulnerable to a cross-site scripting issue. An attacker may use this flaw to steal the cookies of the legitimate users of this...

CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting

The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Exploit for Out-of-bounds Write in Readymedia Project Readymedia

CVE-2023-33476 ReadyMedia (MiniDLNA) versions from 1.1.15...

Exploit for Deserialization of Untrusted Data in Flask-Caching Project Flask-Caching

CVE-2021-33026 Pickle Serialization Remote Code Execution -...

CVE-2023-39521

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps)....

Exploit for Out-of-bounds Write in Haxx Libcurl

$ chmod +x run.sh $ ./ru...

Visual Website Collaboration, Feedback & Project Management – Atarim < 3.31 - Unauthenticated Stored Cross-Site Scripting

Description The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the.....

CVE-2023-38508

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project,...

Exploit for Injection in Lindell17 Project Lindell17

CVE-2023-33242 CVE-2023-33242 PoC The simulated Lindell17...

AppServ Open Project 'appservlang' XSS Vulnerability

AppServ Open Project is prone to a cross-site scripting (XSS)...

CVE-2022-31128

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the....

CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to.....

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype...

CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...

CVE-2023-23938

Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration....

CVE-2023-35929

Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and...

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in...

CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...

CVE-2021-31684

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web...

Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication

Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do...

WebM Project WebP Image Library Installed (Linux)

WebM Project WebP Image Library is installed on the remote Linux host. Note: Thorough Tests is required for this plugin to...

WebM Project WebP Image Library Installed (Windows)

WebM Project WebP Image Library (libwebp), a library for encoding and decoding WebP image files, is installed on the remote Windows host. Note: Thorough tests is required for this plugin to...

CVE-2022-39233

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can....

Exploit for Authentication Bypass by Spoofing in Python-Jwt Project Python-Jwt

CVE-2022-39227 CVE-2022-39227 : Proof of Concept Proof of...

Exploit for Server-Side Request Forgery in Fusion Builder Project Fusion Builder

CVE-2022-1386 - Fusion Builder &lt; 3.6.2 - Unauthenticated SSRF...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Exploit for the [pwnkit...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Local privilege escalation via pkexec...