CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)

Publication date: Mon, 07 Mar 2022 15:15:00 +0000

Cyber News related to CVE-2022-0440

CVE-2022-0440 - The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie ...
2 years ago

CVE-2000-0440 - NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. ...
16 years ago

CVE-2002-0440 - Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP ...
16 years ago

CVE-2005-0440 - ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. ...
13 years ago

CVE-2014-0440 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology. ...
11 years ago

CVE-2015-0440 - Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. ...
9 years ago

CVE-1999-0440 - The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. ...
8 years ago

CVE-2016-0440 - Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4. Per Oracle: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the ...
8 years ago

CVE-2015-7600 - Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. ...
8 years ago

CVE-2009-0440 - IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related ...
7 years ago

CVE-2011-0440 - Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs. ...
7 years ago

CVE-2012-0440 - Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for ...
7 years ago

CVE-2008-0440 - AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. ...
7 years ago

CVE-2001-0440 - Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. ...
7 years ago

CVE-2003-0440 - The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. ...
7 years ago

CVE-2006-0440 - Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a ...
6 years ago

CVE-2017-0440 - An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a ...
5 years ago

CVE-2018-0440 - A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete ...
5 years ago

CVE-2013-0440 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via ...
2 years ago

CVE-2020-0440 - In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. ...
2 years ago

CVE-2023-0440 - Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6. ...
1 year ago

CVE-2010-0440 - Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web ...
1 year ago

CVE-2024-0440 - Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files. ...
11 months ago

CVE-2025-0440 - Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) ...
1 month ago Tenable.com

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com

Latest Cyber News

CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 2 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 2 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 2 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 3 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 6 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 6 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 8 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 8 hours ago
CVE-2025-27097 - 12 hours ago
CVE-2025-27098 - 12 hours ago
Apiiro unveils free scanner to detect malicious code merges - 12 hours ago
Black Basta ransomware gang's internal chat logs leak online - 13 hours ago
CVE-2025-0352 - 13 hours ago
CVE-2025-1265 - 13 hours ago
CVE-2025-24893 - 13 hours ago
CVE-2025-25299 - 13 hours ago
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released - 13 hours ago
New NailaoLocker Ransomware Attacking European Healthcare - 13 hours ago
Beware of North Korean Job Interview Process Delivers Malware Via Fake Chrome Update - 14 hours ago
CVE-2025-27096 - 14 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 2 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 2 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 2 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 3 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 6 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 6 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 8 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 8 hours ago
CVE-2025-1272 - 2 days ago
CVE-2025-27090 - 1 day ago
CVE-2023-51305 - 1 day ago
CVE-2024-10339 - 1 day ago
CVE-2024-37359 - 1 day ago
CVE-2024-37360 - 1 day ago
CVE-2024-5705 - 1 day ago
CVE-2024-5706 - 1 day ago
CVE-2025-21355 - 1 day ago
CVE-2025-24989 - 1 day ago
CVE-2025-25942 - 1 day ago
CVE-2025-25943 - 1 day ago