โผ CVE-2023-0353 โผ
๐ Read
via "National Vulnerability Database".
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0350 โผ
๐ Read
via "National Vulnerability Database".
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24279 โผ
๐ Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23790 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27501 โผ
๐ Read
via "National Vulnerability Database".
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26460 โผ
๐ Read
via "National Vulnerability Database".
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27500 โผ
๐ Read
via "National Vulnerability Database".
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2022-47595 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47163 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database รขโฌโ Insert CSV file content into WordPress plugin <= 2.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47443 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23791 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23857 โผ
๐ Read
via "National Vulnerability Database".
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27894 โผ
๐ Read
via "National Vulnerability Database".
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25615 โผ
๐ Read
via "National Vulnerability Database".
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24526 โผ
๐ Read
via "National Vulnerability Database".
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26457 โผ
๐ Read
via "National Vulnerability Database".
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47143 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin รขโฌโ MPG plugin <= 3.3.9 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47141 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25618 โผ
๐ Read
via "National Vulnerability Database".
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27498 โผ
๐ Read
via "National Vulnerability Database".
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25616 โผ
๐ Read
via "National Vulnerability Database".
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system.๐ Read
via "National Vulnerability Database".