Description: CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create...
Read More
Description: httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy Impact: Drupal 8 uses the third-party PHP library Guzzle for making...
Read More
Description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. Impact: A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead...
Read More
Description: The user interface for assigning taxonomy terms in Press is shown to users who do not have permissions to use it. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. An unauthenticated privilege escalation vulnerability was discovered in a REST...
Read More
Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation: The use of a NextGEN Basic TagCloud gallery. If users are able to submit posts to be reviewed (contributors). Impact: This vulnerability allows an unauthenticated user to grab data from the victim’s website database including sensitive user information. Mitigation: Vendor...
Read More
