CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49748 – WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability
https://notcve.org/view.php?id=CVE-2023-49748
10 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en WPServeur, NicolasKulka, wpformation WPS Hide Login permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a WPS Hide Login: desde ... • https://patchstack.com/database/vulnerability/wps-hide-login/wordpress-wps-hide-login-plugin-1-9-11-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-40399
https://notcve.org/view.php?id=CVE-2021-40399
12 May 2022 — An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. Se presenta una vulnerabilidad explotable de uso de memoria previamente liberada en WPS Spreadsheets ( ET ) como parte de WPS Office, versión 11.2.0.10351. Un archivo XLS especialmente diseñado pu... • https://security.wps.cn/notices/28 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 60%CPEs: 1EXPL: 5CVE-2022-24934
https://notcve.org/view.php?id=CVE-2022-24934
23 Mar 2022 — wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. El ejecutable wpsupdater.exe en Kingsoft WPS Office versiones hasta 11.2.0.10382, permite una ejecución de código remota mediante la modificación de HKEY_CURRENT_USER en el registro • https://github.com/webraybtl/CVE-2022-24934 •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 0CVE-2014-2271
https://notcve.org/view.php?id=CVE-2014-2271
14 Jan 2020 — cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. cn.wps.moffice.common.beans.print.CloudPrintWebView en Kingsoft Office versión 5.3.1, como es usado en los dispositivo... • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-6390
https://notcve.org/view.php?id=CVE-2018-6390
29 Jan 2018 — The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. La función WStr::assign en kso.dll en Kingsoft WPS Office 10.1.0.7106 y 10.2.0.5978 no valida el tamaño del bloque de memoria de origen antes de una llamada _copy. Esto permite que ... • https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6692
https://notcve.org/view.php?id=CVE-2014-6692
23 Sep 2014 — The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Kingsoft Clip (Office Tool) 1.5.1 (también conocida como cn.wps.clip) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través... • http://www.kb.cert.org/vuls/id/453929 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2005-2290
https://notcve.org/view.php?id=CVE-2005-2290
17 Jul 2005 — wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. wps_shop.cgi en WPS Web Portal System 0.7.0 permite que atacantes remotos ejecuten ordenes web de su elección mediante metacaracteres de 'shell' en la variable (1) "art" a (2) "cat". • http://marc.info/?l=bugtraq&m=112128870110418&w=2 •