104 matches found
MINI-3452-48J7-9QWH
Bulletin has no description...
Exploit for CVE-2023-3452
Metasploit exploit module canto RCE CVE-2024-25096 & CVE-2023...
CVE-2026-3452
creationtimestamp | type | source
---|---|---
2026-03-04 04:16:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg7gehu37527...
CVE-2026-3452
Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...
CVE-2026-3452
Concrete CMS versions below 9.4.8 are vulnerable to Remote Code Execution via stored PHP object injection in the Express Entry List block, using the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed ...
EUVD-2026-3452
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers,...
CVE-2025-3452
CVE-2025-3452 concerns the WordPress plugin SecuPress Free (versions up to and including 2.3.9). A missing capability check in the secupress_reinstall_plugins_admin_ajax_cb function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, enabling unauth...
WordPress SecuPress Free plugin <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin SecuPress Free versions <= 2.3.9...
Linux Distros Unpatched Vulnerability : CVE-2010-3452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or...
Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a vulnerability in its dependencies
Summary: IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to Unix File Parameter Alteration.
Vulnerability Details: CVEID: CVE-2020-3452. DESCRIPTION: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote...
WordPress Canto Plugin < 3.0.5 - Remote File Inclusion and Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os.makedirslocaldir If a local shell is p...
WordPress Canto Remote Shell Upload
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os...
Exploit for CVE-2023-3452
CVE-2023-3452-PoC - WordPress Plugin Canto 3.0.5 - Remote...
CVE-2023-3452
creationtimestamp | type | source
---|---|---
2023-08-12 07:17:07+00:00 | seen | https://t.me/cibsecurity/68387
2023-11-23 18:51:42+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/5930
2023-11-25 12:25:42+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/9459...
CVE-2023-3452
The CVE-2023-3452 entry concerns the WordPress Canto plugin (versions up to and including 3.0.4). The root cause is improper handling of the wp_abspath parameter, enabling Remote File Inclusion (RFI); if allow_url_include is enabled, an unauthenticated attacker can include and execute remote code...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software: Canto
Type: Plugin
Vulnerable versions: <= 3.0.4
Fixed in: 3.0.5
OWASP Top 10: A1: Injection
Classification: Remote File Inclusion
CVE: CVE-2023-3452
Patch priority: High
CVSS severity: High (9.8)
PSID: aabfee448799
Credits: Marco Wotschka
Required privilege: Unauthenticated...
CVE-2022-3452 SourceCodester Book Store Management System category.php cross site scripting
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument categoryname leads to cross site scripting. The attack can be initiated remotely...