‼ CVE-2023-1499 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223399.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1498 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1501 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1500 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4933 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1505 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10096 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1502 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1248 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1504 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1503 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1250 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.📖 Read
via "National Vulnerability Database".
🕴 Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model 🕴
📖 Read
via "Dark Reading".
There are a number of solutions that can help ensure security and compliance mandates are met in the cloud, but organizations should prioritize integration and policy-based management.📖 Read
via "Dark Reading".
Dark Reading
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model
There are a number of solutions that can help ensure security and compliance mandates are met in the cloud, but organizations should prioritize integration and policy-based management.
‼ CVE-2023-0320 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28118 ‼
📖 Read
via "National Vulnerability Database".
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23721 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23718 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28424 ‼
📖 Read
via "National Vulnerability Database".
Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-47592 ‼
📖 Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22679 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22678 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions.📖 Read
via "National Vulnerability Database".