2348 matches found
Oracle Database Server (October 2023 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle Spatial and Graph cURL component of Oracle Database Server. Supported versions that are affected are 19.3-19.2...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS); manipulation of data; bypassing authentication; bypassing security measure. Oracle has...
WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Open Graph Metabox. Type: Plugin. Vulnerable versions: <= 1.4.4. Fixed in: N/A. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-46191. Patch priority: Low. CVSS severity: Low (4.3). PSID: 7aa3a95b4491. Credits: LEE SE HYOUNG...
ALSA-2023:5863 Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325); HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487); golang: net/http, x/net/http2: rapid stream resets can cause...
CVE-2023-45010
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions...
CVE-2023-45010 WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions...
CVE-2023-45010
CVE-2023-45010 – WordPress Complete Open Graph Plugin ≤ 3.4.5 is vulnerable to admin+ Stored XSS. Root cause: insufficient input validation/escaping in plugin parameters, enabling stored XSS. Multiple connected sources (NVD, Red Hat, WP/distro feeds) confirm the vulnerability and affected version...
WordPress Plugin Complete Open Graph Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Silverstripe CMS GraphQL Server Resource Management Error Vulnerability
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A resource management error vulnerability exists in Silverstripe CMS GraphQL Server, which can be exploited by an attacker to perform a distributed denial-of-service (DDoS) attack...
WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Complete Open Graph. Type: Plugin. Vulnerable versions: <= 3.4.5. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-45010. Patch priority: Low. CVSS severity: Low (5.9). PSID: 98057f180915. Credits: Rio Darmawan. Required...
The vulnerability of the graph_xport.php component of the Cacti network monitoring software allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the graph_xport.php component of the Cacti network monitoring software is related to an error in the handling of authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the `grow_right_pane_tree()` function in the Cacti network monitoring software, which allows a hacker to execute arbitrary SQL queries.
The vulnerability of the `grow_right_pane_tree()` function in the Cacti network monitoring software’s script graphview.php relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using a specially...
DEBIAN-CVE-2023-39511
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti...
PT-2023-5421 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability, which allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative...
DEBIAN-CVE-2023-39361
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...
UBUNTU-CVE-2023-39361
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...