๐จ CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
๐@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
๐@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
๐จ CVE-2023-32387
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution
๐@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution
๐@cveNotify
Apple Support
About the security content of macOS Big Sur 11.7.7
This document describes the security content of macOS Big Sur 11.7.7.
๐จ CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
WPScan
Super Socializer < 7.13.52 - Reflected XSS
See details on Super Socializer < 7.13.52 - Reflected XSS CVE 2023-2779. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2023-3206
A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
Vuldb
CVE-2023-3206 Chengdu VEC40G send_order.cgi denial of service (CNVD-2021-91411)
A vulnerability was found in Chengdu VEC40G 3.0 and classified as problematic. This vulnerability was named CVE-2023-3206. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
๐จ CVE-2023-3208
A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
vulhub/activemq/RoadFlow.md at master ยท yangxixx/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose - yangxixx/vulhub
๐จ CVE-2023-32220
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
๐@cveNotify
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
๐@cveNotify
๐จ CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
๐@cveNotify
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
๐@cveNotify
WPScan
SupportCandy < 3.1.7 - Admin+ SQLi
See details on SupportCandy < 3.1.7 - Admin+ SQLi CVE 2023-2805. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2023-2811
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
๐@cveNotify
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
๐@cveNotify
WPScan
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
See details on AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting CVE 2023-2811. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2022-45378
** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
๐@cveNotify
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
๐@cveNotify
๐จ CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
๐@cveNotify
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
๐@cveNotify
๐จ CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
๐@cveNotify
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
๐@cveNotify
๐จ CVE-2022-41196
Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
๐จ CVE-2022-41198
Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
๐จ CVE-2022-41195
Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
๐จ CVE-2022-4024
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
๐@cveNotify
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
๐@cveNotify
WPScan
Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion
See details on the Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
๐@cveNotify
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
๐@cveNotify
GitHub
Stack overflow error caused by jsonutil parsing of untrusted JSON String ยท Issue #10 ยท billdavidson/JSONUtil
Stack overflow error caused by jsonutil parsing of untrusted JSON String Description Using jsonutil to parse untrusted JSON String may be vulnerable to denial of service (DOS) attacks. If the parse...
๐จ CVE-2022-4102
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
๐@cveNotify
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
๐@cveNotify
WPScan
Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion
See details on the Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2022-39805
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
๐@cveNotify
๐จ CVE-2023-34167
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
๐@cveNotify
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
๐@cveNotify
๐จ CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
๐@cveNotify
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
๐@cveNotify