CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25984 – WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25984
13 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado con necesidad de autenticación (permisos de administrador o superior) en el plugin Rigorous & Factory Pattern Dovetail en versiones anteriores, e incluyendo, la 1.2.13. The Dovetail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.13 due to insuffic... • https://patchstack.com/database/vulnerability/dovetail/wordpress-dovetail-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2460 – WPDating < 7.4.0 - Multiple Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-2460
18 Jul 2022 — The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users El plugin WPDating de WordPress versiones hasta 7.1.9, no escapa apropiadamente la entrada del usuario antes de concatenarla con determinadas consultas SQL, conllevando a múltiples vulnerabilidades de inyección SQL The WPDating plugin for WordPress is vulnerable to SQL Injection via the 'sender_id... • https://wpscan.com/vulnerability/694b6dfd-2424-41b4-8595-b6c305c390db • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8990
https://notcve.org/view.php?id=CVE-2020-8990
20 Feb 2020 — Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Western Digital My Cloud Home versiones anteriores a 3.6.0 e ibi versiones anteriores a 3.6.0, permiten una Fijación de Sesión. • https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads • CWE-384: Session Fixation •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-18929
https://notcve.org/view.php?id=CVE-2019-18929
13 Nov 2019 — Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. El firmware Western Digital My Cloud EX2 Ultra versión 2.31.183, permite a usuarios web (incluidas las cuentas de invitados) ejecutar código arbitrario remotamente por medio de un desbordamiento de búfer en la región heap de la memoria en el archivo download_mgr.cgi. • https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-18930
https://notcve.org/view.php?id=CVE-2019-18930
13 Nov 2019 — Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs. El firmware Western Digital My Cloud EX2 Ultra versión 2.31.183, permite a usuarios web (incluida la cuenta de invitado) ejecutar remotamente código arbitrario por medio de un desbordamiento de búfe... • https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18931
https://notcve.org/view.php?id=CVE-2019-18931
13 Nov 2019 — Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. El firmware Western Digital My Cloud EX2 Ultra versión 2.31.195, permite un Desbordamiento de Búfer con control Extended Instruction Pointer (EIP) por medio de parámetros GET/POST especialmente diseñados • https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2019-9951
https://notcve.org/view.php?id=CVE-2019-9951
24 Apr 2019 — Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage. Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Clou... • https://bnbdr.github.io/posts/wd • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 91%CPEs: 24EXPL: 3CVE-2018-17153 – Western Digital MyCloud Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2018-17153
18 Sep 2018 — It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the c... • https://packetstorm.news/files/id/173802 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13519
https://notcve.org/view.php?id=CVE-2018-13519
09 Jul 2018 — The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. La función mintToken de una implementación de contrato inteligente para DigitalCloudToken, un token de Ethereum, tiene un desbordamiento de enteros que permite al propietario del contrato establecer cualquier valor para el balance de un usuario arbitrario. • https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7910
https://notcve.org/view.php?id=CVE-2017-7910
14 Jun 2017 — A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack. Se ha descubierto un problema de desbordamiento de búfer basado en pila en Digital Canal Structural Wind Analysis en versiones 9.1 y anteriores. Un atacante podría ser capaz de ejecutar código arbitrario explotando de forma remota un ejecutable para realizar un ataque de d... • http://www.securityfocus.com/bid/98976 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •