6340 matches found
PrestaShop Modules Detection (HTTP)
HTTP based detection of PrestaShop modules. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2023-39643
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
SQL injection
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
CVE-2023-39643
PrestaShop xmlfeeds module (Bl Modules) before version 3.9.8 is vulnerable to SQL injection via the component SearchApiXml::Xmlfeeds(). The issue has a very high impact (CVE-2023-39643) with a CVSS v3.1 base score of 9.8 (Network attack, no authentication, user interaction not required). Affected...
PT-2023-27047 · Unknown · Bl Modules Xmlfeeds
Name of the Vulnerable Software and Affected Versions: Bl Modules xmlfeeds versions prior to 3.9.8. Description: The issue is related to a SQL injection vulnerability. It affects the component SearchApiXml::Xmlfeeds. Recommendations: For versions prior to 3.9.8, update to version 3.9.8 or later to...
CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version...
CVE-2023-3711
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5...
CVE-2023-3710
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006...
CVE-2023-3712 Potential user privilege escalation
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version...
CVE-2023-3711 Potential Predictable Session ID
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5...
CVE-2023-3711
Honeywell PM43 industrial printers (32-bit ARM) are affected by CVE-2023-3711 through a Session Fixation vulnerability in the printer web page modules, enabling session credential falsification via prediction. The issue affects PM43 versions prior to P10.19.050004. Remediation per the connected d...
PT-2023-6281 · Honeywell · Honeywell Pm43
Name of the Vulnerable Software and Affected Versions: Honeywell PM43 versions prior to P10.19.050004. Description: The issue is related to an Improper Input Validation vulnerability in the Honeywell PM43 printer's web page modules, allowing Command Injection. This can enable a remote attacker to...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
Summary: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...
UBUNTU-CVE-2023-39320
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
SUSE CVE-2023-39320
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
PT-2023-27067 · Prestashop · Simpleimportproduct Prestashop Module +1
Name of the Vulnerable Software and Affected Versions: FieldPopupNewsletter Prestashop Module version 1.0.0; SimpleImportProduct Prestashop Module version 1.0.0. Description: A reflected cross-site scripting (XSS) issue was discovered in the Prestashop modules. The vulnerability is exploited via the...
Vulnerability in the XWiki Commons modules of the XWiki platform, which is used for creating collaborative web applications, allows an attacker to execute arbitrary code.
The vulnerability in the XWiki Commons modules of the XWiki platform, which is used for creating collaborative web applications, stems from a failure to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
GHSA-63VW-RPRV-4F8J CSRF vulnerability in Jenkins Ivy Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...