1221 matches found
CVE-2023-30497
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions...
CVE-2023-30497
CVE-2023-30497 affects the WordPress WP LINE Notify plugin by Simon Chuang (≤ 1.4.4). The vulnerability is an unauthenticated Reflected XSS via the uid parameter, allowing an attacker to trigger script execution in the context of an admin user. Public disclosures confirm the vulnerability exists ...
CVE-2023-30497 WordPress LINE Notify Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions...
WordPress plugin WP LINE Notify cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
LINE Notify < 1.4.5 - Reflected XSS
Description: The plugin does not sanitise and escape the uid parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
...
DEBIAN-CVE-2023-38710
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...
CVE-2023-38712
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...
DEBIAN-CVE-2023-38712
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...
AZL-34937 CVE-2023-38712 affecting package libreswan for versions less than 4.7-6
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...
AZL-28066 CVE-2023-38712 affecting package libreswan for versions less than 4.7-5
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...
UBUNTU-CVE-2023-38712
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...
Libreswan code issue vulnerability
Libreswan is an IPsec implementation similar to Openswan, primarily used to ensure the security and integrity of data in transmission. A security vulnerability exists in Libreswan version 3.x, version 4.x up to and including version 4.12, which originates when an IKEv1 ISAKMP SA message...
pasta.freemyip.com Improper Access Control vulnerability OBB-3615897
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
NULL Pointer Dereference
libreswan is vulnerable to NULL Pointer Dereference. The vulnerability occurs when a malformed IKEv1 Delete/Notify packet is received, resulting in a crash or denial of service if sent continuously...
CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
CVE-2023-3958 WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
WordPress Plugin Remote Users Sync code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...