‼ CVE-2023-5261 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability.
‼ CVE-2023-43944 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list.
‼ CVE-2023-5260 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability.
‼ CVE-2023-5258 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.
‼ CVE-2023-5259 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868.
🦿 ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package 🦿
via "Tech Republic".
We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.
‼ CVE-2023-5262 ‼
via "National Vulnerability Database".
A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871.
‼ CVE-2023-41662 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
‼ CVE-2023-41691 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
‼ CVE-2023-41655 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions.
‼ CVE-2023-41663 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.
‼ CVE-2023-5289 ‼
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4.
‼ CVE-2023-41661 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
‼ CVE-2023-5264 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability.
‼ CVE-2023-41657 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.
‼ CVE-2023-5267 ‼
via "National Vulnerability Database".
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880.
‼ CVE-2023-41687 ‼
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions.
‼ CVE-2023-41658 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.
‼ CVE-2023-39308 ‼
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions.
‼ CVE-2023-5265 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability.
‼ CVE-2023-5263 ‼
via "National Vulnerability Database".
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.