‼ CVE-2023-3045 ‼
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.
‼ CVE-2023-3559 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-23787 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.
‼ CVE-2015-10121 ‼
via "National Vulnerability Database".
A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function embed_handler of the file beelikedmicrosite.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is d23bafb5d05fb2636a2b78331f9d3fca152903dc. It is recommended to upgrade the affected component. The identifier VDB-233365 was assigned to this vulnerability.
‼ CVE-2023-27558 ‼
via "National Vulnerability Database".
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
‼ CVE-2023-1119 ‼
via "National Vulnerability Database".
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin through 2.4 use a third-party library that removes the escaping on some HTML characters, leading to a Cross-Site Scripting vulnerability.
‼ CVE-2023-2796 ‼
via "National Vulnerability Database".
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
‼ CVE-2023-35887 ‼
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.
‼ CVE-2023-3554 ‼
via "National Vulnerability Database".
A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topic_message/free_name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233348. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-30449 ‼
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.
‼ CVE-2021-42081 ‼
via "National Vulnerability Database".
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
‼ CVE-2023-30448 ‼
via "National Vulnerability Database".
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.
‼ CVE-2023-3118 ‼
via "National Vulnerability Database".
The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-23993 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
‼ CVE-2023-23869 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
‼ CVE-2023-27540 ‼
via "National Vulnerability Database".
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
‼ CVE-2023-2026 ‼
via "National Vulnerability Database".
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-28986 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
‼ CVE-2023-3560 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-1183 ‼
via "National Vulnerability Database".
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
‼ CVE-2023-35697 ‼
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.