5655 matches found
The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
PT-2023-7030 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: The issue is related to a lack of protection for the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could...
CVE-2023-6099 Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 lead...
GLSA-202310-21 : ConnMan: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202310-21 ConnMan: Multiple Vulnerabilities - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an...
phpFox 4.8.13 PHP Object Injection Exploit
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...
Default credentials
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...
CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...
PT-2023-9453 · Ibm · Ibm Cognos Dashboards On Cloud Pak For Data
Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0 Description: The issue is related to the exposure of sensitive information in container images, which could lead to further attacks against the system. This is due to the transmission ...
Ubuntu 18.04 ESM : VCFtools vulnerabilities (USN-4835-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4835-1 advisory. It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to cra...
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Ubuntu 16.04 ESM / 18.04 ESM / 22.04 ESM : VIPS vulnerabilities (USN-6437-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6437-1 advisory. Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into...
CVE-2023-42627
CVE-2023-42627 is a set of stored XSS vulnerabilities in the Liferay Commerce module affecting Portal 7.3.5–7.4.3.91 and Liferay DXP 7.3 (update 33 and earlier) and 7.4 (before update 92). The flaws allow remote attackers to inject arbitrary script/HTML via crafted payloads in multiple shipping/b...
PT-2023-6339 · Oracle · Oracle Banking Trade Finance
Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance. Exploitation of this issue may allow a remote attacker...
Ubuntu 16.04 ESM / 18.04 ESM : Lighttpd vulnerabilities (USN-4775-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4775-1 advisory. It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use...
Arbitrary File Overwrite
ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...
Security Bulletin: IBM Security Directory Server is vulnerable to remote attacks (CVE-2022-33161, CVE-2022-33165)
Summary IBM Security Directory Integrator has issued an update to address these vulnerabilities affecting IBM Security Directory Server. Vulnerability Details CVEID:CVE-2022-33161 DESCRIPTION: IBM Security Directory Server could allow a remote attacker to obtain sensitive information, caused by t...
Exim Vulnerable to Zero-Day Remote Code Execution Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Six zero-day vulnerabilities have been discovered in the Exim Internet Mailer, potentially putting thousands of email servers worldwide at risk. These vulnerabilities, if successfully exploited,...
CVE-2023-40519
CVE-2023-40519 describes a cross-site scripting (XSS) vulnerability in the Broadpeak Centralized Accounts Management Auth Agent, specifically the login portal at bpk-common/auth/login/index.html. The issue can be triggered by a malicious value in the disconnectMessage parameter, enabling remote a...
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 CVSS...
PT-2023-5618 · F5 · Big-Ip Apm
Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients affected versions not specified Description: The issue is related to BIG-IP Access Policy Manager Clients APM Clients sending data in plain text, which can be exploited by a remote attacker to control the DNS server and...