3642 matches found
GLSA-202305-09 : syslog-ng: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202305-09 syslog-ng: Denial of Service - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the...
USN-6021-1 chromium-browser vulnerabilities
It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-1528, CVE-2023-1530, CVE-2023-1531,...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and Integration Runtime operands that run Designer flows containing a Box node may be vulnerable to arbitrary code execution due to [CVE-2023-29199]
Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container for communications with Box via the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows containing a Box node may be vulnerable ...
KubeStalk - Discovers Kubernetes And Related Infrastructure Based Attack Surface From A Black-Box Perspective
KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance - Wave 9. Usage The GIF below...
CVE-2023-23938
Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration...
WordPress WP Login Box Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Login Box; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0544; Patch priority: Low; CVSS severity: Low (5.9); PSID: 129e87d5d019; Credits: István Márton; Required...
PT-2023-9527 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the mp box copy component and involves improper neutralization of special elements used in SQL commands. This can be exploited by attackers to cause a Denial of...
CVE-2023-23277
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...
Snippet Box Cross-Site Scripting Vulnerability
Snippet Box is a simple self-hosted application by the individual developer pawelmalak. It is used to organize code snippets. A security vulnerability exists in Snippet-box version 1.0.0. An attacker can exploit the vulnerability to render arbitrary web script or HTML in the "Snippet code" form field...
CVE-2023-23277
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS) via the Snippet code form field. Remote attackers can render arbitrary web script or HTML, indicating a client-side injection risk. According to the CVE details, the issue has a CVSS v3.1 base score of 6.1 (MEDIUM) with an attack vecto...
PT-2023-9521 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the mp box deserialize string function, which is vulnerable due to improper neutralization of special elements used in SQL commands. This can be exploited by a...
CVE-2023-23972
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions...
CVE-2023-23972
CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...
WordPress plugin Social Like Box and Page by WpDevArt Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
LDAP Tool Box Self Service Password 1.5.2 Account Takeover
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...