3642 matches found
CVE-2023-0626 Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0...
CVE-2023-0626
CVE-2023-0626 affects Docker Desktop prior to 4.12.0, where an RCE vulnerability exists via query parameters in the message-box route. The root cause is insecure handling of query parameters in the message-box endpoint, leading to remote code execution with high impact on confidentiality, integrit...
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Description: The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. 1. Make sure the plugin's "Enable User Agent For Log" setting is set at /wp-admin/admin.php?page=ualpsettings 2. If you're...
PT-2023-28895 · Sing-Box · Sing-Box
Name of the Vulnerable Software and Affected Versions: Sing-box versions prior to 1.4.4; Sing-box versions prior to 1.5.0-rc.4. Description: The issue affects all SOCKS5 inbounds with user authentication in Sing-box, allowing an attacker to bypass authentication when specially crafted requests are...
Sing-box Access Control Error Vulnerability
sing-box is a universal proxy platform open-sourced by Project S. An access control error vulnerability exists in Sing-box versions prior to 1.5.0-rc.5, which stems from a vulnerability that allows an attacker to bypass authentication...
WordPress WS Facebook Like Box Widget Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software: WS Facebook Like Box Widget; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4963; Patch priority: Low; CVSS severity: Low (6.5); PSID: 253f2e5e6627; Credits: Lana Codes...
WordPress Plugin WS Facebook Like Box Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-31275 · WordPress · Ws Facebook Like Box Widget
Name of the Vulnerable Software and Affected Versions: WS Facebook Like Box Widget for WordPress plugin versions up to, and including, 5.0. Description: The issue is related to Stored Cross-Site Scripting via the 'ws-facebook-likebox' shortcode due to insufficient input sanitization and output...
Input validation
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 PoC - Unauthenticated RCE in Cacti 1.2.22 This...
Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware update...
CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
CVE-2023-39164
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...
CVE-2023-39164
CVE-2023-39164: Unauthenticated reflected XSS in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors (Molongui plugin 4.6.19). CVE-2023-39164 details and vendor advisories confirm the XSS vulnerability; no exploit details are provided in the supplied sources.
WordPress plugin Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors - Molongui Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Author Box for Authors,...
PT-2023-26818 · Molongui · Molongui Author Box
Name of the Vulnerable Software and Affected Versions: Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin versions = 4.6.19. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject...
Multiple Plugins from ServMask - Unauthenticated Access Token Update
Description: The plugins do not have authorisation in the init function hooked to the admin_init action, allowing unauthenticated attackers to update the access token. PoC: With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...
WordPress Popup box Plugin < 3.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Popup box; Type: Plugin; Vulnerable versions: < 3.7.2; Fixed in: 3.7.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); PSID: 52bb8b9ef075; Credits: Unknown; Required privilege: Administrator...