βΌ CVE-2023-5045 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45048 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <=Γ 5.00 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23651 βΌ
π Read
via "National Vulnerability Database".
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics ExtensionΓ plugin <= 4.0.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45052 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin <Γ 5.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45063 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <=Γ 1.1.5 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-45011 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <=Γ 2.2.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45060 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <=Γ 3.2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5046 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44998 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <=Γ 1.2.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45068 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <=Γ 1.7.27 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5072 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in JSON-Java versions prior to 20230618. Γ A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-22325 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32275 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27395 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22308 βΌ
π Read
via "National Vulnerability Database".
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27516 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32634 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31192 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45142 βΌ
π Read
via "National Vulnerability Database".
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43147 βΌ
π Read
via "National Vulnerability Database".
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45143 βΌ
π Read
via "National Vulnerability Database".
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.π Read
via "National Vulnerability Database".