Command injection
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched...
CVE-2023-5683
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...
Command injection
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be...
Design/Logic Flaw
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
CVE-2023-5241
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcldopenaiuploadpagetrainingfile function. This allows subscriber-level attackers to append "?php" to any existing file on the server resulting in potential DoS when...
TSplus Security Vulnerabilities
TSplus is remote access software from TSplus. A security vulnerability exists in TSplus Remote Work version 16.0.0.0, which originates from setting insecure file and folder permissions that could allow a malicious user to manipulate the contents of a file or change a legitimate file in...
CVE-2012-10016
CVE-2012-10016 affects the Halulu simple-download-button-shortcode WordPress plugin (version 1.0). The vulnerability lies in an unknown function within the file simple-download-button_dl.php of the Download Handler, where manipulation of the file argument leads to information disclosure. The issu...
Path traversal
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is...
F5 Insufficient BIG-IP Session Expiration Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP suffers from an insufficient session expiration vulnerability, which can be exploited by an attacker to reuse sessio...
K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537
Security Advisory Description An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. CVE-2023-40537 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an...
CVE-2023-5423 SourceCodester Online Pizza Ordering System sql injection
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...
CVE-2023-3440
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-; JP1/Performance Management - Age...
Default configuration
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-; JP1/Performance Management - Age...
CVE-2023-3440 File and Directory Permission Vulnerability in JP1/Performance Management
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-; JP1/Performance Management - Age...
CVE-2023-3440
CVE-2023-3440 affects Hitachi JP1/Performance Management on Windows with an Incorrect Default Permissions flaw that enables file manipulation. Concrete affected components and versions include: Manager (09-00 before 12-50-07), Base (09-00 through 10-50-), and multiple Agent Options/Remote Monitor...
Hitachi JP1/IT Desktop Management 2 Security Vulnerability
Hitachi JP1/IT Desktop Management 2 is a product from Hitachi, Japan, that automatically collects various types of information and allows you to manage it in one place. A security vulnerability exists in Hitachi JP1/IT Desktop Management 2 that stems from the presence of incorrect default permission...
Path traversal
A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. Th...
CVE-2023-5304
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. Th...
Sql injection
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTSID leads to sql injection. The exploit has been disclosed to the...
CVE-2023-5273
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manageparcelstatus.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploi...