CyberSecurityBoard
Sponsor Register Login

CVE-2024-4532

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks

Publication date: Mon, 27 May 2024 06:15:00 +0000


Cyber News related to CVE-2024-4532

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
CVE-2024-42114 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2024-4532 - The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks ...
8 months ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com
CVE-2006-4559 - Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) ...
16 years ago
CVE-2015-4532 - EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run ...
8 years ago
CVE-2017-7220 - OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges16" command, aka an "RPC save-commands" attack. NOTE: ...
5 years ago
CVE-2011-4532 - Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary ...
13 years ago
CVE-2012-4532 - Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: ...
12 years ago
CVE-2014-4532 - Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. ...
10 years ago
CVE-2016-4532 - Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. ...
8 years ago
CVE-2005-4532 - scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid ...
7 years ago
CVE-2009-4532 - Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field ...
7 years ago
CVE-2006-4532 - PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. ...
7 years ago
CVE-2008-4532 - Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action. ...
6 years ago
CVE-2007-4532 - Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a denial of service (client lockout) via a series of UDP join packets from a spoofed IP address, which triggers temporary blacklisting of ...
6 years ago
CVE-2007-1220 - The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. ...
6 years ago
CVE-2007-1221 - The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. ...
6 years ago
CVE-2010-4532 - offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl yes" option is specified which can allow man-in-the-middle attacks. ...
5 years ago
CVE-2013-4532 - Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. ...
5 years ago
CVE-2020-4532 - IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in ...
3 years ago
CVE-2018-4532 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2023-4532 - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)