Page 16 of 77 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The total-security plugin before 3.4.1 for WordPress has XSS. El plugin total-security versiones anteriores a 3.4.1 para WordPress, presenta una vulnerabilidad de tipo XSS. The total-security plugin before 3.4.1 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/total-security/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 4

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call. K7Sentry.sys en K7 Computing Ultimate Security, Anti-Virus Plus, y Total Security anterior a 14.2.0.253 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, o 0x950025c8 manipulada. Multiple products from K7 Computing suffer from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35992 http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html http://www.exploit-db.com/exploits/35992 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/113007 • CWE-264: Permissions, Privileges, and Access Controls •