โผ CVE-2023-1827 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-36692 โผ
๐ Read
via "National Vulnerability Database".
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23878 โผ
๐ Read
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps รขโฌโ WP MAPS plugin <= 4.3.9 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47870 โผ
๐ Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23686 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23685 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio รขโฌโ WordPress Portfolio plugin <= 2.8.10 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25305 โผ
๐ Read
via "National Vulnerability Database".
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28999 โผ
๐ Read
via "National Vulnerability Database".
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2023-23821 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26866 โผ
๐ Read
via "National Vulnerability Database".
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23977 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25356 โผ
๐ Read
via "National Vulnerability Database".
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-41633 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo รขโฌโ Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23870 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25303 โผ
๐ Read
via "National Vulnerability Database".
ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28998 โผ
๐ Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28997 โผ
๐ Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25355 โผ
๐ Read
via "National Vulnerability Database".
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28848 โผ
๐ Read
via "National Vulnerability Database".
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29000 โผ
๐ Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2020-20914 โผ
๐ Read
via "National Vulnerability Database".
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.๐ Read
via "National Vulnerability Database".
โค1