‼ CVE-2023-41655 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <=Â 2.5.9 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41663 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <=Â 1.6.9 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5289 ‼
📖 Read
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41661 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=Â 3.1.35 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5264 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41657 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <=Â 2.3.2 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5267 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41687 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <=Â 2.4.1 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41658 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=Â 1.0.13 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39308 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=Â 1.0.7 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5265 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5263 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41666 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <=Â 2.9.9 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5266 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879.📖 Read
via "National Vulnerability Database".
🕴 Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software 🕴
📖 Read
via "Dark Reading".
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.📖 Read
via "Dark Reading".
Dark Reading
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
👍1
🕴 Cybersecurity Gaps Plague US State Department, GAO Report Warns 🕴
📖 Read
via "Dark Reading".
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.📖 Read
via "Dark Reading".
Dark Reading
Cybersecurity Gaps Plague US State Department, GAO Report Warns
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
👍1
‼ CVE-2023-5268 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39410 ‼
📖 Read
via "National Vulnerability Database".
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5273 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5272 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5269 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".