A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing m...
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIN...
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypa...
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; w...
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
An improper access check allows privileged users to overwrite media files without editing permissions.
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
An improper access check allows unauthorized users to access workflow stage and transition information.
An improper access check allows users to display a list of modules in the frontend.
An improper access check allows unauthorized users to access com_privacy datasets.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.