βΌ CVE-2023-28748 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47432 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42669 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46823 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47428 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28794 βΌ
π Read
via "National Vulnerability Database".
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38407 βΌ
π Read
via "National Vulnerability Database".
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47420 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45055 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4699 βΌ
π Read
via "National Vulnerability Database".
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46822 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce Γ’β¬β Export Products, Export Orders, Export Subscriptions, and More plugin <=Γ 2.7.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46849 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page Γ’β¬β Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page Γ’β¬β Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38382 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel SΓΒΆderstrΓΒΆm / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40609 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47184 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <=Γ 1.2.8 versions.π Read
via "National Vulnerability Database".
π¦Ώ Security Incident Response Policy π¦Ώ
π Read
via "Tech Republic".
The Security Incident Response Policy from TechRepublic Premium describes the organizationβs process for minimizing and mitigating the results of an information technology security-related incident. The policyβs purpose is to define for employees, IT department staff and users the process to be followed when experiencing a suspected IT-security incident. From the policy: The following, while not ...π Read
via "Tech Republic".
TechRepublic
Security Incident Response Policy
The Security Incident Response Policy from TechRepublic Premium describes the organizationβs process for minimizing and mitigating the results of an
βΌ CVE-2023-46777 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <=Γ 1.1.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46780 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=Γ 1.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5831 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47185 βΌ
π Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments Γ’β¬β wpDiscuz plugin <=Γ 7.6.11 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46779 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <=Γ 3.5.3251 versions.π Read
via "National Vulnerability Database".