PT-2024-4884 · Oracle · Oracle Commerce Platform
Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue is related to insufficient input validation in the Oracle Commerce Platform, allowing an unauthenticated attacker with network access via HTTP to compromise the...
WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability
Unauth. Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Citadela Listing versions <= 5.18.1...
PT-2024-18826 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.2.10 Description: The issue allows unauthenticated attackers to extract sensitive data, including all registered...
CVE-2024-1095
The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...
WordPress Plugin LearnDash LMS Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-50867
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-23634 · WordPress · Wp Mail Smtp Pro
Name of the Vulnerable Software and Affected Versions: WP Mail SMTP Pro plugin for WordPress versions up to, and including, 3.8.0 Description: The issue is related to a missing capability check on the is print page function, which allows unauthorized access to data. This makes it possible for...
SUSE SLES15: libpython3_6m1_0 / python3 / python3-base / python3-curses / etc (SUSE-SU-2023:3804-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3804-1 advisory. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. Tenable has extracted the preceding description block directly fr...
SUSE SLES12: libpython3_6m1_0 / libpython3_6m1_0-32bit / python36 / etc (SUSE-SU-2023:3731-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3731-1 advisory. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. Tenable has extracted the preceding description block directly fr...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to bypass authentication, gain unauthenticated access to sensitive data within the application, or use the application. HPE has released updates to fix the...
Vulnerability in OpenSSL - AES-SIV implementation ignores empty associated data entries
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be...
Authorization
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812
CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions...
CVE-2023-1865
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...
CVE-2023-21852
Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management...
Security Bulletin: IBM Sterling Control Center is vulnerable to unauthenticated data manipulation due to Java SE (CVE-2021-2163)
Summary: IBM Sterling Control Center has addressed a difficult-to-exploit Java SE vulnerability that allows an unauthenticated attacker with network access to create, delete or modify critical data. Vulnerability Details: CVEID: CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Ja...
ASNeG OPC UA Stack Security Vulnerability
ASNeG OPC UA Stack is an open source framework by ASNeG (Germany). It is used to develop and distribute OPC UA client/server applications. A security vulnerability exists in ASNeG OPC UA Stack that stems from the lack of a handler for failures when unauthenticated data is forwarde...
CVE-2022-21448
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise...