18 matches found
CVE-2023-43984
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table...
CVE-2022-43984
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protoc...
CVE-2024-43984
creationtimestamp | type | source
---|---|---
2024-10-31 11:55:47+00:00 | seen | https://t.me/cvedetector/9497...
CVE-2024-43984
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13...
CVE-2024-43984
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13...
CVE-2024-43984 WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13...
CVE-2024-43984
CVE-2024-43984 affects Podlove Podlove Podcast Publisher for WordPress (versions prior to 4.1.14). The issue is CSRF that enables remote code execution (RCE) via code injection. Remediation: upgrade to Podlove Podlove Podcast Publisher 4.1.14 or newer (or apply vendor-provided fixes); patch detai...
WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.1.13; Fixed in: 4.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43984; Patch priority: High; CVSS severity: High (9.6); PSID: b38f22b27679; Credits...
CVE-2023-43984
CVE-2023-43984 affects the PrestaShop Smart Soft Advanced Export module. Before v4.4.7, insecure permissions allow unauthenticated attackers to download user data from the ps_customer table due to improper access controls in the advancedexport component. Impact is user information disclosure; CVS...
CVE-2023-43984
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table...
CVE-2022-43984
creationtimestamp | type | source
---|---|---
2022-11-25 20:15:42+00:00 | seen | https://t.me/cibsecurity/53519...
CVE-2022-43984 Browsershot 3.57.3 - Server Side XSS to LFR via HTML
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protoc...
CVE-2022-43984 Browsershot 3.57.3 - Server Side XSS to LFR via HTML
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protoc...
CVE-2022-43984
This CVE affects Browsershot 3.57.3. The issue arises because JS content imported from external sources passed to Browsershot::html may contain file:// URLs, and the application does not validate this, enabling an external attacker to remotely obtain arbitrary local files. Documents consistently ...
CVE-2021-43984
creationtimestamp | type | source
---|---|---
2021-12-23 22:19:32+00:00 | seen | https://t.me/cibsecurity/34580...
CVE-2021-43984
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-43984
The CVE-2021-43984 issue affects mySCADA myPRO up to version 8.20.0, where the firmware update feature may allow an attacker to inject arbitrary OS commands via a specific parameter. The vulnerability is categorized as an OS command injection with a high to critical impact (C/H/I/H) in multiple s...
CVE-2021-43984 mySCADA myPRO
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...