150 matches found
CVE-2026-2143
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...
CVE-2026-2143
creationtimestamp| type| source
---|---|---
2026-02-08 09:00:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3medl2lj3pv2h
2026-02-08 09:00:40+00:00| seen| https://infosec.exchange/users/offseq/statuses/116034189974424544
2026-02-08 12:00:36+00:00| seen|...
EUVD-2026-2143
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
CVE-2019-2143
In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-114746174...
CVE-2023-2143
creationtimestamp| type| source
---|---|---
2024-09-25 04:16:40+00:00| seen| https://t.me/cvedetector/6249...
CVE-2024-2143
CVE-2024-2143 affects the Ultimate Addons for Beaver Builder – Lite WordPress plugin. It enables Stored XSS via the Heading widget in all versions up to 1.5.7 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, all...
Rocky Linux 8 : container-tools:3.0 (RLSA-2022:2143)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2143 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded ...
Oracle Linux 7 : openssh (ELSA-2019-2143)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2143 advisory. - Fix for CVE-2018-15473 1619079 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
CVE-2023-2143
The CVE-2023-2143 entry concerns the WordPress plugin Enable SVG, WebP & ICO Upload (versions up to 1.0.3). Root cause: the plugin does not sanitize SVG contents, enabling Cross-Site Scripting. Impact is Cross-Site Scripting as described in multiple trusted sources. Exploitation details are not p...
CVE-2023-2143 Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS
The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability...
WordPress Enable SVG, WebP & ICO Upload Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Enable SVG, WebP & ICO Upload; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2143; Patch priority: Low; CVSS severity: Low (5.9); PSID: c3213d756c76; Credits: Mateus Macha...
SUSE: Security Advisory (SUSE-SU-2023:2143-1)
The remote host is missing an update for the...
Debian: Security Advisory (DSA-2143-1)
The remote host is missing an update for the Debian...
Advantech iView Command Injection (CVE-2022-2143)
A command injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation of the backupfilename parameter while updating NetworkServlet database...
Metasploit Wrap-Up
Advantech iView NetworkServlet Command Injection: This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469...
Advantech iView runProViewUpgrade fwfilename Command Injection (CVE-2022-2143)
Binary data scadaadvantechiviewcve-2022-2143.nbin...
CVE-2022-2143
creationtimestamp| type| source
---|---|---
2022-07-22 18:19:31+00:00| seen| https://t.me/cibsecurity/46803
2022-08-18 15:41:42+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/advantechiviewnetworkservletcmdinject.rb
2025-02-06 03:13:45+00:00|...
CVE-2022-2143 Advantech iView
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code...
CVE-2022-2143
CVE-2022-2143 affects Advantech iView (NetworkServlet) and is caused by improper input validation of a parameter used in backup/file operations, enabling command injection. Affected products are Advantech iView versions prior to 5_7_04_6469. This vulnerability may allow remote code execution via ...
CVE-2022-2143 Advantech iView
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code...