‼ CVE-2023-28986 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
‼ CVE-2023-3560 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-1183 ‼
via "National Vulnerability Database".
A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
‼ CVE-2023-35697 ‼
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
‼ CVE-2021-42082 ‼
via "National Vulnerability Database".
Local users are able to execute scripts under root privileges.
‼ CVE-2023-3562 ‼
via "National Vulnerability Database".
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-37706 ‼
via "National Vulnerability Database".
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function.
‼ CVE-2023-2964 ‼
via "National Vulnerability Database".
The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.
‼ CVE-2023-3561 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233355. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-1780 ‼
via "National Vulnerability Database".
The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-1902 ‼
via "National Vulnerability Database".
The Bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
‼ CVE-2023-28958 ‼
via "National Vulnerability Database".
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.
‼ CVE-2023-22673 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.
‼ CVE-2023-2029 ‼
via "National Vulnerability Database".
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-37703 ‼
via "National Vulnerability Database".
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
‼ CVE-2023-35696 ‼
via "National Vulnerability Database".
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
‼ CVE-2023-37704 ‼
via "National Vulnerability Database".
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
‼ CVE-2023-30442 ‼
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.
‼ CVE-2023-37701 ‼
via "National Vulnerability Database".
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
‼ CVE-2023-3564 ‼
via "National Vulnerability Database".
A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/cal_id leads to cross site scripting. It is possible to launch the attack remotely. VDB-233358 is the identifier assigned to this vulnerability.
‼ CVE-2023-3270 ‼
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.