PT-2023-24461 · Microworld Technologies · Escan
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan management console version 14.0.1400.2281. Description: The issue allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval in the New Policy form. This...
CVE-2023-26842
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
CVE-2023-2928
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely...
CVE-2023-2928
CVE-2023-2928 affects DedeCMS up to version 5.7.106. The vulnerability lies in the uploads/dede/article_allowurl_edit.php functionality where manipulating the allurls parameter leads to code injection. Impact is remote, and public exploits have been disclosed. Mitigation from connected documents ...
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...
CVE-2023-2868 Remote Code injection in Barracuda Email Security Gateway
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability ste...
CVE-2023-33943
CVE-2023-33943 is an XSS vulnerability in the Account module of Liferay Portal (7.4.3.21–7.4.3.62) and Liferay DXP 7.4 update 21–62. The flaw allows remote attackers to inject arbitrary script/HTML via crafted input in user fields: First Name, Middle Name, Last Name, or Job Title. The public desc...
CVE-2023-31703
Cross-site scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter...
CVE-2023-31703
CVE-2023-31703 affects Microworld eScan Management Console (v14.0.1400.2281). A Cross-Site Scripting flaw in the editUserName form via the from parameter enables remote injection of arbitrary code. Documented risk includes potential session-cookie theft leading to account takeover (as shown in Po...
CVE-2020-18282
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the feedback feature...
CVE-2022-47877
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
CVE-2021-45071
Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via crafted uploaded file names...
CVE-2023-2056
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file modulemain.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...
PT-2023-17459 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.87. Description: A critical issue affects the function GetSystemFile of the file module main.php, leading to code injection. The attack may be initiated remotely. Recommendations: For versions up to 5.7.87, as a...
CVE-2023-1947
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
PT-2023-17233 · Rockoa · Rockoa
Name of the Vulnerable Software and Affected Versions: Rockoa version 2.3.2. Description: A critical issue has been found in the Configuration File Handler component, specifically affecting the webmainConfig.php file. This issue leads to code injection and can be initiated remotely. The exploit fo...
CVE-2023-1482
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...
PT-2023-17019 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms version 2.2.4.230206. Description: A problematic issue was found in the External Plugin Handler component, affecting an unknown part of the file /admin.php/appcenter/local.html?type=addon. This issue leads to code injection and can be...