CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...
Dgraph encryption issue vulnerability
Dgraph is an open source, horizontally scalable distributed GraphQL database with a graph backend. Dgraph versions before 23.0.0 have a cryptographic vulnerability stemming from a nonce collision; an attacker can exploit it to brute-force the log...
PT-2023-23169 · Dgraph · Dgraph
Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to v23.0.0 Description: Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is...
CVE-2023-2528 Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...
Cross-site Request Forgery (CSRF)
Overview johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing nonce validation on the wp_ajax_set_attachment_thumbnail AJAX function. An attacker can update the thumbnail...
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812
CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...
Easy Appointments < 3.11.10 - Cross-Site Request Forgery
The plugin does not properly validate requests using nonces, leading to potential Cross-Site Request Forgery (CSRF) vulnerabilities...
WordPress The Royal Elementor Addons Plugin < 1.3.60 Multiple Vulnerabilities
Affected product CPE: cpe:/a:royal-elementor-addons:royalelementoraddons
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
CVE-2023-30616
Form Block is a WordPress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross-Site Request Forgery for all form blocks, since it allows sending requests to the forms from any...