
1746 matches found

OSV
added 2023/12/24 11:15 p.m. · 2 views

CVE-2023-7092

A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...

CVSS 4.3 | AI score 4.7 | EPSS 0.00414
Exploits: 1 | References: 3
CVE
added 2023/12/24 11:0 p.m. · 45 views

CVE-2023-7092

CVE-2023-7092 affects Uniway UW-302VP v2.0 Admin Web Interface. The vulnerability is a cross-site request forgery in /boaform/wlan_basic_set.cgi driven by the wlanssid/password parameter, with remote initiation and exploit public. Root cause cited as processing in the CGI; CVSS metrics indicate M...

CVSS 5 | AI score 4.6 | EPSS 0.00414
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2023/12/24 12:0 a.m. · 9 views

PT-2023-32867 · Uniway · Uniway Uw-302Vp

Name of the Vulnerable Software and Affected Versions: Uniway UW-302VP version 2.0 Description: A vulnerability was found in the Admin Web Interface of Uniway UW-302VP, affecting the processing of the file /boaform/wlan_basic_set.cgi. The manipulation of the wlanssid/password argument leads to...

CVSS 5 | AI score 4.8 | EPSS 0.00414
Exploits: 1 | References: 9
OSV
added 2023/12/21 4:15 p.m. · 3 views

CVE-2023-51052

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00534
Exploits: 0 | References: 1
ATTACKERKB
added 2023/12/21 4:15 p.m. · 1 views

CVE-2023-51051

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...

CVSS 9.8 | AI score 5.9 | EPSS 0.00534
Exploits: 0 | References: 2
CNNVD
added 2023/12/21 12:0 a.m. · 3 views

S-CMS Security Vulnerabilities

S-CMS is a PHP and MySQL based Content Management System (CMS) from S-CMS China. A security vulnerability exists in S-CMS v5.0, which originates from the discovery of an SQL injection vulnerability via the Abbsauth parameter in /admin/ajax.php...

CVSS 9.8 | AI score 8 | EPSS 0.00534
Exploits: 0 | References: 2
RedHat Linux
added 2023/12/14 7:4 p.m. · 2 views

keycloak: offline session token DoS

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

CVSS 7.7 | AI score 5.8 | EPSS 0.01239
Exploits: 1 | References: 5
RedHat Linux
added 2023/12/14 7:1 p.m. · 4 views

keycloak: offline session token DoS

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

CVSS 7.7 | AI score 5.8 | EPSS 0.01239
Exploits: 1 | References: 5
CNNVD
added 2023/12/05 12:0 a.m. · 2 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system developed by heyewei. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/friendlink/update component...

CVSS 8.8 | AI score 8.4 | EPSS 0.00391
Exploits: 1 | References: 1
VulnCheck KEV
added 2023/12/04 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

CVSS 7.5 | AI score 7.1 | EPSS 0.03888
Exploits: 4 | References: 1
WPVulnDB
added 2023/11/23 12:0 a.m. · 6 views

WP Custom Admin Interface < 7.32 - Missing Authorization via wpcai_pro_notice_disable

Description: The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcai_pro_notice_disable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with...

AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB
added 2023/11/23 12:0 a.m. · 7 views

WP Custom Admin Interface < 7.33 - Missing Authorization to Transients Deletion

Description: The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcustomadmininterfacedeletetransients function in versions up to, and including, 7.32. This makes it possible for authenticated attackers, wi...

AI score 6.7 | EPSS 0.00319
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/11/15 12:0 a.m. · 4 views

XXL-JOB Security Vulnerability

XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xue Li XXL-JOB community. A security vulnerability exists in XXL-JOB xxl-job-admin version 2.4.0, which stems from a Remote Code Execution (RCE) vulnerability in component /xxl-job-admin/jobcode/save...

CVSS 8.8 | AI score 7.3 | EPSS 0.01262
Exploits: 1 | References: 2
Patchstack
added 2023/11/13 12:0 a.m. · 5 views

WordPress WP Custom Admin Interface Plugin <= 7.31 is vulnerable to Broken Access Control

Software: WP Custom Admin Interface; Type: Plugin; Vulnerable versions: <= 7.31; Fixed in: 7.32; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47763; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 73d0182de151; Credits: Abdi Pranata...

AI score 6.5 | EPSS 0.0035
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/11/06 12:0 a.m. · 4 views

PT-2023-32313 · Proofpoint · Proofpoint Enterprise Protection

Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection versions 8.20.0 through 8.20.0 before patch 4796 Proofpoint Enterprise Protection versions 8.18.6 through 8.18.6 before patch 4795 Proofpoint Enterprise Protection versions prior to 8.18.6 Description: The iss...

CVSS 6.1 | AI score 6 | EPSS 0.00342
Exploits: 0 | References: 3
Positive Technologies
added 2023/10/24 12:0 a.m. · 5 views

PT-2023-29680 · Unknown · Wokamoto Simple Tweet

Name of the Vulnerable Software and Affected Versions: Wokamoto Simple Tweet plugin versions = 1.4.0.2 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability allows an attacker to inject maliciou...

CVSS 5.9 | AI score 5.6 | EPSS 0.00409
Exploits: 0 | References: 5
PyPA
added 2023/10/19 7:15 p.m. · 4 views

PYSEC-2023-219

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7 | AI score 6.8 | EPSS 0.00454
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/10/19 12:0 a.m. · 2 views

PT-2023-6356 · Connectize · Connectize Ac21000 G6

Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256 Description: The issue is related to insecure credential management, allowing attackers to gain escalated privileges via the use of a weak hashing algorithm. It also involves a vulnerability in the...

CVSS 9.8 | AI score 7.1 | EPSS 0.00726
Exploits: 1 | References: 13
Patchstack
added 2023/10/03 12:0 a.m. · 7 views

WordPress WP Custom Admin Interface Plugin <= 7.32 is vulnerable to Broken Access Control

Software: WP Custom Admin Interface; Type: Plugin; Vulnerable versions: <= 7.32; Fixed in: 7.33; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-44988; Patch priority: Low; CVSS severity: Low 4.3; PSID: 74d65a8c422e; Credits: Abdi Pranata; Required...

AI score 6.7 | EPSS 0.00319
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2023/09/27 3:19 p.m. · 3 views

CVE-2023-43216

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminip.php...

CVSS 9.8 | AI score 7.4 | EPSS 0.01155
Exploits: 1 | References: 2