Handsome Testimonials & Reviews Project Security Vulnerabilities

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Vm4J: a tool to detect the Log4j vulnerability in VMware products....

8.8AI Score

2021-12-28 01:37 AM
393
nessus

Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

The version of IntegraXor installed on the remote host is a version prior to 4.1 Build 4369. It is, therefore, reportedly affected by an information disclosure vulnerability due to credentials being stored in plaintext. An attacker can potentially exploit this vulnerability to disclose credentials....

3.5AI Score

2014-01-23 12:00 AM
5
cve

CVE-2020-36406

uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should....

8.8CVSS

8.9AI Score

0.006EPSS

2021-07-01 03:15 AM
52
4
osv

CVE-2022-35933

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version...

6.1CVSS

6AI Score

0.001EPSS

2022-09-02 08:15 PM
5
cvelist

CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another...

6.5AI Score

0.0004EPSS

2024-05-15 06:00 AM
vulnrichment

CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another...

6.6AI Score

0.0004EPSS

2024-05-15 06:00 AM
1
wpexploit

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...

6.7AI Score

0.0004EPSS

2024-04-24 12:00 AM
19
cvelist

CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-05-30 04:00 PM
vulnrichment

CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-05-30 04:00 PM
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ncast Project Ncast

cve-2024-0305exp: a working exp for cve-2024-0305; if you cite it, please credit the source, thanks! 0x01...

7.5CVSS

6.8AI Score

0.01EPSS

2024-04-18 03:13 AM
183
atlassian

Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting

h3. Issue Summary When using the open-source [Jira Python library|https://github.com/pycontribs/jira] to make REST API calls to Jira, if [cookie-based authentication|https://jira.readthedocs.io/examples.html#cookie-based-authentication] is used then Jira's rate limits will be bypassed. This can...

6.9AI Score

2023-07-06 07:54 AM
14
cve

CVE-2017-20165

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue....

7.5CVSS

7.5AI Score

0.008EPSS

2023-01-09 10:15 AM
54
cvelist

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 06:46 AM
2
osv

Malicious code in webpack-cli.legacy (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f) The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....

7.1AI Score

2023-05-01 11:44 PM
5
osv

Malicious code in fkletbbpoc (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (125b0aa54538899871c0071ae4b76678012092032ff03d6ad08c4ecf1a2fc7d7) The OpenSSF Package Analysis project identified 'fkletbbpoc' @ 0.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-02 08:17 AM
5
osv

Malicious code in commentrating (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (87db588ebd8e7a42cbbbbf7fc21caa36fc553172a0ff4c4e9a58ce9354d62e7f) The OpenSSF Package Analysis project identified 'commentrating' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-29 10:29 AM
6
osv

Malicious code in verycoolzpac2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (50b609e8ebccac67716745b1447224238ae17c0a78499f90c48aa684d971cded) The OpenSSF Package Analysis project identified 'verycoolzpac2' @ 0.0.3 (npm) as malicious. It is considered malicious because: - The package...

6.9AI Score

2023-05-12 03:57 AM
5
osv

Malicious code in idcs-dialog (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1f9e71c07d690c8293d57afe2530d560684f82b76c844f9904256c1d330fc5af) The OpenSSF Package Analysis project identified 'idcs-dialog' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-04 10:41 AM
6
debiancve

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public...

7.5CVSS

6.6AI Score

0.001EPSS

2024-06-27 12:15 AM
1
osv

Malicious code in falsepositivecheck6969 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1) The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The...

7.1AI Score

2023-04-29 02:29 AM
3
osv

Malicious code in zsbpwebsdktest (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20) The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 (npm) as malicious. It is considered malicious because: - The package....

7.1AI Score

2023-04-30 10:47 PM
3
osv

Malicious code in zsbpwebsdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bf63d69adabe277a69df70ff7c39dd42b81fad4f512f8204458dc438d7edfb7d) The OpenSSF Package Analysis project identified 'zsbpwebsdk' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-29 02:23 AM
1
osv

Malicious code in stateful-fastclick (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5a06e5b71a04fa67ca20937e8e438c638644db87d181799a046d22c568e6c4c5) The OpenSSF Package Analysis project identified 'stateful-fastclick' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....

7.1AI Score

2023-05-01 02:11 PM
4
osv

Malicious code in myattenuator (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ea4131b4858e840e02fe12b2a8719cfe85598245a84e842b917dd595ea1af4e4) The OpenSSF Package Analysis project identified 'myattenuator' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-01 11:18 PM
3
osv

Malicious code in policycms (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6fcf99ac2d853174c6d17fd728c94d9fd33306bddfc79312ba47ffe026e42606) The OpenSSF Package Analysis project identified 'policycms' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-07-20 09:22 PM
3
osv

Malicious code in back-alley (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (83d1eb07b6ba84ecc98bdd4ad2a1313b540e69509c08d8d66f4b2fe54a1986a7) The OpenSSF Package Analysis project identified 'back-alley' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-05 04:47 AM
1
osv

Malicious code in confusedatma (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df) The OpenSSF Package Analysis project identified 'confusedatma' @ 9.9.9 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-05 04:16 AM
3
osv

BIT-gitlab-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...

4.3CVSS

6.3AI Score

0.0004EPSS

2024-06-28 07:22 AM
94
osv

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

6.1CVSS

5.9AI Score

0.001EPSS

2023-04-05 06:15 PM
4
osv

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user...

8.1CVSS

6.8AI Score

0.001EPSS

2023-04-05 03:15 PM
5
cve

CVE-2024-25924

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials. This issue affects WP Testimonials: from n/a through...

7.6CVSS

7.8AI Score

0.0004EPSS

2024-03-28 07:15 AM
33
osv

CVE-2023-51446

GLPI is a free asset and IT management software package. When authentication is made against an LDAP server, the authentication form can be used to perform LDAP injection. Upgrade to...

8.1CVSS

7.7AI Score

0.001EPSS

2024-02-01 06:15 PM
2
osv

Malicious code in smart-commons (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6) The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-30 10:44 PM
3
osv

Malicious code in plain-function (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e) The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-29 10:31 AM
4
osv

Malicious code in links-3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2) The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-28 03:50 PM
2
osv

Malicious code in spamsynonym (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce) The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-10 11:43 AM
6
osv

Malicious code in com.unity.xrtools.spatial-hash (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b) The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -.....

7.1AI Score

2023-05-08 10:57 AM
5
osv

Malicious code in bageth (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995) The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...

7.1AI Score

2024-06-29 05:28 PM
1
osv

Malicious code in kiln-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf) The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-29 05:55 PM
2
osv

CVE-2023-43813

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the...

8.8CVSS

7.8AI Score

0.001EPSS

2023-12-13 07:15 PM
6
osv

Malicious code in en-calendar (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89) The OpenSSF Package Analysis project identified 'en-calendar' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package executes.....

7.4AI Score

2024-02-12 01:31 AM
6
osv

Malicious code in react-green-ui (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d) The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 (npm) as malicious. It is considered malicious because: - The package...

7.4AI Score

2023-07-04 09:11 AM
6
osv

Malicious code in store-js-sdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4462b056f6144f0a42e19147fcc9c5a0277e45631c26bebad88d24513995b773) The OpenSSF Package Analysis project identified 'store-js-sdk' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-04-27 12:40 PM
4
osv

Malicious code in com.unity.test-runner-manual-tests (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560) The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 (npm) as malicious. It is considered malicious...

7.1AI Score

2023-05-08 10:57 AM
4
osv

Malicious code in afterpay-sdk-example-server (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c) The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 (npm) as malicious. It is considered malicious because: -...

7.1AI Score

2023-05-03 01:37 AM
6
saint

GeoServer JAI-EXT extension command injection

Added: 06/27/2024. Background: GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API that provides a set of high-level objects for image processing. JAI-EXT is an open source project that extends the JAI API. Jiffle is a map algebra language...

8AI Score

2024-06-27 12:00 AM
63
osv

Malicious code in repsol-uikit (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0ded61aa0f6be46c0b02bb6eb5deb82d4dd4830e41a76cdf52d9d21576c50c57) The OpenSSF Package Analysis project identified 'repsol-uikit' @ 9.999.0 (npm) as malicious. It is considered malicious because: The package...

7.4AI Score

2023-08-31 10:36 PM
6
osv

Malicious code in hydra-consent-app-express (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (44bb7f6bf0f9abc4741ab850705b17f64105e289174cd87fd51831bc95b726c3) The OpenSSF Package Analysis project identified 'hydra-consent-app-express' @ 2.0.0 (npm) as malicious. It is considered malicious because: The...

6.9AI Score

2023-08-26 06:06 AM
7
osv

Malicious code in eslint-config-web3-base (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e23c591b583354dc45114b2ff42008dd281f6a57772a8f5f59a249ab89f2fd84) The OpenSSF Package Analysis project identified 'eslint-config-web3-base' @ 0.1.2 (npm) as malicious. It is considered malicious because: The...

6.9AI Score

2023-08-25 05:35 AM
11
osv

Malicious code in cyclotron-svc (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4f8b0a1aa798da64bb0b8fd50b7a301eb9c0bec31e520948a8b30275bcbe318b) The OpenSSF Package Analysis project identified 'cyclotron-svc' @ 5.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1AI Score

2023-05-09 04:17 AM
4
Total number of security vulnerabilities: 104271