SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger cross site scripting payloads.
63b2c20217bc49cd26d5d1117a3e0ef300ddd3efe77e545937de5ae02474c7acSolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
64b515c78c524df69e596a9ac43e62c6feeaae73ff31f506f5da5c63c7573d1aOpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
895921eb0a53976c8b5da677f784a32391efcbd1cc80d796ef72378efa54580aOpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
078180c0088a10bb5564b3436104fdcc80f9d53548b5cf7063cb5edac1d63305OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
a0acbb09078931bf9f089e891b334d18ce2ebf45b68c44d5c001bc986f5e04b9The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
ad00d431157ae8f7dd34f7235a000e058a087a21a50442a4aad8f2801e7fdb27WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.
6aa12eb5e2a30f4c4d114b32f8b866bc1a6a86a0191f2dd3043d5c986c598b92WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.
38cc536fa634ad0e7e4c8028f098b79ee4e5dc38a1859d06b32822642b372df3WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.
1ebb98495b8fa8dad24676dddccc093fc59175e279731d6f0c3ed82e9cbe5251
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed