217 matches found
PT-2023-36301 · Unknown · Distribution
Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3. Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...
CVE-2023-7098
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...
Path traversal
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...
CVE-2023-7098
A vulnerability (CVE-2023-7098) affects icret EasyImages 2.8.3. The issue resides in unknown code within app/hide.php, where manipulating the key argument enables path traversal (e.g., ../filedir). Remote exploitation is possible but the attack complexity is high; exploitation has been disclosed ...
EasyImages Path Traversal Vulnerability
EasyImages is a thin wrapper on PIL by individual developer Jakub Cieslik. It is used for exploring, visualizing and sharing images. A path traversal vulnerability exists in icret EasyImages version 2.8.3, which stems from unknown code in app/hide.php that causes path traversal via the parameter...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3...
WordPress Plugin Canada Post Shipping Method Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Mageia: Security Advisory (MGASA-2023-0320)
The remote host is missing an update for the...
Updated haproxy packages fix security vulnerability
HAProxy has fixed security and other issues in the latest upstream version 2.8.3 of branch 2.8. Default user access is now commented out to prevent a possible local exploit and further rpmnew on future updates. Use a check script to have the config check result in the error log on failure. Fix...
CVE-2023-41238
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions...
PT-2023-27861 · WordPress · Ultimatelysocial Social Media Share Buttons & Social Sharing Icons
Name of the Vulnerable Software and Affected Versions: UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin versions <= 2.8.3. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into websites,...
PT-2023-8866 · Haproxy +8 · Haproxy +8
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.0.32 through 2.8.1; HAProxy versions 2.1.x; HAProxy versions 2.2.x through 2.2.30; HAProxy versions 2.3.x; HAProxy versions 2.4.x through 2.4.23; HAProxy versions 2.5.x; HAProxy versions 2.6.x before 2.6.15; HAProxy versions 2.7.x...
WordPress Ultimeter Plugin < 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimeter; Type: Plugin; Vulnerable versions: < 2.8.3; Fixed in: 2.8.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: c6dbf05fd248; Credits: Rafie Muhammad (Patchstack); Required...
Design/Logic Flaw
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. Exploitability is reported to be difficult. The...
PT-2023-19459 · Konga · Konga
Name of the Vulnerable Software and Affected Versions: Konga version 2.8.3. Description: A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the...
KONGA Security Feature Issue Vulnerability
KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security feature issue vulnerability exists in KONGA version 2.8.3, which stems from insufficient random values...
CVE-2022-37772
The Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts...
CVE-2022-37774
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...
Improper access control
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...