Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.ĭocker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.Ĭross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
#SYNC BREEZE ENTERPRISE 10.0.28 DOWNLOAD PATCH#
Patch information is provided when available. This information may include identifying information, values, definitions, and related links. Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9Įntries may include additional information provided by organizations and efforts sponsored by US-CERT. Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 The division of high, medium, and low severities correspond to the following scores: The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
0 kommentar(er)
