QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.3%.
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.7%.
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.5%.
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.
A remote code execution vulnerability in the Android system (bluetooth). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.8%.
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A remote code execution vulnerability in the Android system (bluetooth). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.0%.
The Googlemaps plugin before 3.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A information disclosure vulnerability in the Android system (bluetooth). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.