‼ CVE-2023-2573 ‼
📖 Read
via "National Vulnerability Database".
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46799 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <=Â 1.0.15 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28169 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <=Â 1.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23668 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25021 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <=Â 3.6.6 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1651 ‼
📖 Read
via "National Vulnerability Database".
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0537 ‼
📖 Read
via "National Vulnerability Database".
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22790 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22781 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22786 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22779 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22780 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1011 ‼
📖 Read
via "National Vulnerability Database".
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30092 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29696 ‼
📖 Read
via "National Vulnerability Database".
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22789 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22784 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22782 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29693 ‼
📖 Read
via "National Vulnerability Database".
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22788 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22785 ‼
📖 Read
via "National Vulnerability Database".
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".