Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

name directory project name directory vulnerabilities and exploits

(subscribe to this query)
6.1
CVSSv3
CVE-2022-2071
The Name Directory WordPress plugin prior to 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow malicious users to make a logged in admin import arbitrary names with XSS payloa...
Name Directory Project Name Directory
6.1
CVSSv3
CVE-2022-2072
The Name Directory WordPress plugin prior to 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS...
Name Directory Project Name Directory
8.8
CVSSv3
CVE-2023-22692
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
Name Directory Project Name Directory
8.8
CVSSv3
CVE-2021-20652
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and previous versions allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Name Directory Project Name Directory
7.4
CVSSv3
CVE-2016-2087
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
Hexchat Project Hexchat 2.11.0
5.4
CVSSv3
CVE-2024-22548
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.
Flycms Project Flycms 1.0
6.1
CVSSv3
CVE-2018-3755
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Sexstatic Project Sexstatic 0.6.0Sexstatic Project Sexstatic 0.6.2
NA
CVE-2010-3998
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and previous versions place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be...
Banshee-project Banshee 1.0Banshee-project Banshee 0.13.2Banshee-project BansheeBanshee-project Banshee 1.7.0Banshee-project Banshee 1.6.0Banshee-project Banshee 1.5.1Banshee-project Banshee 1.5.0Banshee-project Banshee 1.4.3Banshee-project Banshee 1.4.2Banshee-project Banshee 1.7.6Banshee-project Banshee 1.7.5Banshee-project Banshee 1.6.1Banshee-project Banshee 1.5.6Banshee-project Banshee 1.4Banshee-project Banshee 1.7.4Banshee-project Banshee 1.7.3Banshee-project Banshee 1.5.5Banshee-project Banshee 1.5.4Banshee-project Banshee 1.2.1Banshee-project Banshee 1.2Banshee-project Banshee 1.7.2Banshee-project Banshee 1.7.1
5.3
CVSSv3
CVE-2022-26315
qrcp up to and including 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.
Qrcp Project Qrcp
5.3
CVSSv3
CVE-2021-32842
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory ...
Sharpziplib Project Sharpziplib
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572CVE-2024-24919CVE-2024-0230CVE-2024-32714HTML injectionlocal file inclusionCVE-2024-31098CVE-2024-31244privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook