3642 matches found

0day.today
added 2023/04/06 12:0 a.m. · 239 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover; Exploit Author: Tahar BENNACEF aka tar.gz; Software Link: https://github.com/ltb-project/self-service-password; Version: 1.5.2; Tested on: Ubuntu. Self Service Password is a PHP application that allows users to change their...

6.8 AI score
Exploits: 0
Positive Technologies
added 2023/04/06 12:0 a.m. · 4 views

PT-2023-19327 · Wpdevart · Smplug-In Social Like Box/Page By Wpdevart

Name of the Vulnerable Software and Affected Versions: Smplug-in Social Like Box and Page by WpDevArt plugin versions 0.8.39 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For...

5.9 CVSS · 4.8 AI score · 0.00392 EPSS
Exploits: 0 · References: 3
Packet Storm
added 2023/04/05 12:0 a.m. · 215 views

PhotoShow 3.0 Remote Code Execution

Exploit Title: PhotoShow 3.0 - Remote Code Execution; Date: January 11, 2023; Exploit Author: LSCP Responsible Disclosure Lab; Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/; Vendor Homepage:...

6.8 AI score
Exploits: 0
Patchstack
added 2023/03/29 12:0 a.m. · 5 views

WordPress Simple Author Box Plugin <= 2.50 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Simple Author Box; Type: Plugin; Vulnerable versions: <= 2.50; Fixed in: 2.51; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); Developer: WebFactory Ltd.; PSID: 861aa3f7e578; Credits: Unknown; Required privilege...

7 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2023/03/21 12:0 a.m. · 6 views

WordPress Gallery Box Plugin <= 1.7.30 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Gallery Box; Type: Plugin; Vulnerable versions: <= 1.7.30; Fixed in: 1.7.31; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: de0f4c50affe; Credits: István Márton; Require...

5.9 AI score · 0.00113 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/03/21 12:0 a.m. · 4 views

InsightCloudSec Security Vulnerability

InsightCloudSec is a fully integrated cloud-native security platform from InsightCloudSec, Inc. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21, which originates from an attacker being able to read and write arbitrary files from disk using an exposed "box" object...

8.1 CVSS · 7.9 AI score · 0.00777 EPSS
Exploits: 1 · References: 3
Openbugbounty
added 2023/03/16 6:39 p.m. · 9 views

plasticdrawerbox.com Cross Site Scripting vulnerability OBB-3224203

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
Citrix
added 2023/03/16 12:0 a.m. · 10 views

Workspace App 2203 LTSR CU2 displays a blank white box after login

Citrix Workspace App displays a blank white box after login. Issue does not happen when testing older versions of Citrix Workspace App such as 1912CU3...

7.1 AI score
Exploits: 0
Prion
added 2023/03/15 10:15 p.m. · 17 views

Design/Logic Flaw

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...

5 CVSS · 7.3 AI score · 0.0099 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Patchstack
added 2023/03/08 12:0 a.m. · 7 views

WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software: Popup box; Type: Plugin; Vulnerable versions: <= 3.4.4; Fixed in: 3.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27414; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 356c29098000; Credits: Nguyen Xuan Chien...

7.1 CVSS · 5.6 AI score · 0.00408 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/03/07 3:15 p.m. · 2 views

CVE-2021-4332

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...

6.5 CVSS · 5.9 AI score · 0.00796 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/03/07 2:16 p.m. · 25 views

CVE-2021-4332 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...

6.5 CVSS · 6.6 AI score · 0.00796 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/03/07 12:0 a.m. · 9 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome version 111.0.5563.64, which stems from an improper implementation in the Autofill component. It allows remote attackers to potentially spoof the contents of a multifunction box via a crafted HTML pag...

4.3 CVSS · 7 AI score · 0.00491 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/03/06 12:0 a.m. · 3 views

WordPress plugin Qtranslate Slug Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.1 CVSS · 4.2 AI score · 0.00559 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2023/03/06 12:0 a.m. · 3 views

PT-2023-10271 · WordPress · Qtranslate Slug Plugin

Name of the Vulnerable Software and Affected Versions: Qtranslate Slug Plugin versions up to 1.1.16 Description: A vulnerability was found in the Qtranslate Slug Plugin, which has been classified as problematic. The issue affects the add slug meta box function of the file...

6.1 CVSS · 4.3 AI score · 0.00559 EPSS
Exploits: 0 · References: 9
BDU FSTEC
added 2023/03/06 12:0 a.m. · 4 views

The vulnerability of the afrt_box_read function in the box_code_adobe.c component of the GPAC multimedia platform allows an intruder to cause a service failure.

The vulnerability of the afrt_box_read function in the box_code_adobe.c component of the GPAC multimedia platform is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8 CVSS · 6.8 AI score · 0.0027 EPSS
Exploits: 1 · References: 5 · Affected Software: 3
Huawei
added 2023/03/01 12:0 a.m. · 31 views

Security Advisory - Out-of-Bounds Write Vulnerability in a Huawei Sound Box Product

A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause a buffer overflow. Vulnerability ID: HWPSIRT-2022-61463. This vulnerability has been assigned a CVE ID: CVE-2022-48330...

8 CVSS · 4.4 AI score · 0.00239 EPSS
Exploits: 0 · Affected Software: 1
BDU FSTEC
added 2023/03/01 12:0 a.m. · 5 views

The vulnerability of the microprogramming software in Dell Embedded Box PC 3000 and Dell Edge Gateway routers allows a hacker to execute arbitrary code.

The vulnerability of the microprogramming BIOS in Dell Embedded Box PC 3000 and Dell Edge Gateway devices is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.5 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits: 0 · References: 5 · Affected Software: 3
F5 Networks
added 2023/02/21 8:2 p.m. · 24 views

K23024812: BIG-IP APM vulnerability CVE-2018-5544

Security Advisory Description: When the BIG-IP APM system renders certain pages with a logon agent or a confirm box, the system may disclose configuration information such as partition and agent names via URI parameters. CVE-2018-5544. Impact: This vulnerability allows unauthorized disclosure of...

7.5 CVSS · 7.4 AI score · 0.02465 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2023/02/21 9:15 a.m. · 3 views

CVE-2022-4754

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1