Lucene search

6680 matches found

NVD
added 2023/09/13 3:15 a.m. | 8 views

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

CVSS 5.3 | AI score 5.3 | EPSS 0.00377
Exploits 0 | References 2

NVD
added 2023/09/13 3:15 a.m. | 24 views

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 8.8 | AI score 8.6 | EPSS 0.00688
Exploits 0 | References 3

Positive Technologies
added 2023/09/11 12:0 a.m. | 2 views

PT-2023-23132 · Tsplus · Tsplus Remote Access

Name of the Vulnerable Software and Affected Versions: TSplus Remote Access versions through 16.0.2.14
Description: An issue was discovered where credentials are stored as cleartext within the HTML source code of the login page.
Recommendations: For versions through 16.0.2.14, consider disabling...

CVSS 9.8 | AI score 9.3 | EPSS 0.01932
Exploits 3 | References 12

OSV
added 2023/09/08 2:15 a.m. | 32 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 6.5 | AI score 8.6
Exploits 0 | References 3

Prion
added 2023/09/08 2:15 a.m. | 17 views

Sql injection

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 4 | AI score 7.1 | EPSS 0.02808
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/09/08 12:0 a.m. | 13 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 8.4 | EPSS 0.02808
Exploits 1 | References 3

CVE
added 2023/09/08 12:0 a.m. | 74 views

CVE-2021-45811

CVE-2021-45811 is a confirmed SQL injection vulnerability in osTicket 1.15.x, affecting the Search functionality on tickets.php where authenticated users can manipulate the query via the combination of the keywords and topic_id URL parameters. The issue allows attackers to execute arbitrary SQL c...

CVSS 6.5 | AI score 7 | EPSS 0.02808
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/09/08 12:0 a.m. | 17 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 7.3 | EPSS 0.02808
Exploits 1 | References 3

Code423n4
added 2023/09/07 12:0 a.m. | 7 views

Absence of Start-End Time Validation in Range Creation

Lines of code Vulnerability details The code allows the creation of a Range structure without ensuring that startTime is strictly less than endTime. The absence of this validation might lead to unintended behavior or logical errors in functionalities that rely on the order of these timestamps...

AI score 6.9
Exploits 0

Prion
added 2023/09/06 7:15 p.m. | 14 views

Code injection

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality...

CVSS 6.5 | AI score 8.6 | EPSS 0.00693
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2023/09/06 6:44 p.m. | 9 views

CVE-2020-10129

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality...

AI score 6.8 | EPSS 0.00693
Exploits 0 | References 1

The Hacker News
added 2023/09/06 8:44 a.m. | 45 views

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors w...

AI score 6.9
Exploits 0

Citrix
added 2023/09/06 12:0 a.m. | 11 views

Citrix DaaS - The Published resource is not available currently. try again later

After migrating from on premise to Citrix Cloud, users facing issues when launching apps via DaaS only via native CWA. Launching via web browser works as expected. Users are getting error: Transaction ID: xxxxxxxxxxxxxxxxx The resource is not available at the moment. Please try again later. Issue...

AI score 7
Exploits 0

NVD
added 2023/09/05 5:15 p.m. | 8 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVSS 8.1 | AI score 6.9 | EPSS 0.00727
Exploits 0 | References 2

Positive Technologies
added 2023/09/05 12:0 a.m. | 3 views

PT-2023-25087 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072
Description: An authentication bypass issue exists in the OAS Engine functionality. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can...

CVSS 8.1 | AI score 9 | EPSS 0.01153
Exploits 0 | References 8

Veracode
added 2023/09/04 6:21 a.m. | 21 views

Information Disclosure

RestrictedPython is vulnerable to Information Disclosure. The vulnerability arises due to the format functionality in Python which allows someone controlling the format string to "read" data from objects, including sensitive information. This vulnerability could potentially allow an attacker to...

CVSS 8.3 | AI score 6.7 | EPSS 0.00637
Exploits 0 | References 2 | Affected Software 1

NVD
added 2023/08/31 4:15 p.m. | 14 views

CVE-2023-31170

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 6.5 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 2

NVD
added 2023/08/31 4:15 p.m. | 14 views

CVE-2023-31168

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00394
Exploits 0 | References 2

Prion
added 2023/08/31 4:15 p.m. | 17 views

Design/Logic Flaw

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 4.3 | AI score 6.5 | EPSS 0.00312
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/08/31 3:30 p.m. | 35 views

CVE-2023-31170

SEL-5030 acSELerator QuickSet Software is affected up to version 7.1.3.0 by CVE-2023-31170, described as an Inclusion of Functionality from Untrusted Control Sphere issue. The vulnerability could allow an attacker to embed instructions that could be executed by an authorized device operator. Conn...

CVSS 6.5 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 2 | Affected Software 1