849 matches found
CVE-2023-30711
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows an attacker to insert arbitrary data to the provider...
PT-2023-23537 · Unknown · Online Travel Agency System
Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0. Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the costomer id parameter at the "customer edit.php" endpoint. This enables the attacker to manipulate database...
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
The vulnerability of the software platform for managing operational data, related to errors in system settings or configuration, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.
The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in system settings or configuration. Exploiting this vulnerability can allow attackers to read and update arbitrary data in various system catalogs...
The vulnerability of the software platform for operating data management systems, related to the restoration of unreliable data in memory, allows a perpetrator to read and update arbitrary data from various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.
The vulnerability of the software platform for operating data management in ABB Ability zenon relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows an attacker to read and update arbitrary data in various system catalogs...
CVE-2023-36924
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...
Design/Logic Flaw
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...
CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...
CVE-2023-1208
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
Remote code execution
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
PT-2023-16821 · WordPress · Http Headers
Name of the Vulnerable Software and Affected Versions: HTTP Headers WordPress plugin versions prior to 1.18.11. Description: The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. Recommendations: For versions prior to 1.18.11, update to version 1.18....
Out of bounds read in VobSub loader
Description: The gpac VobSub parser takes a FILE handle and attempts to load the information from that file into its memory. The main focus of this report revolves around the first few lines of the function and how they make some assumptions about buffer sizes that allow for an out-of-bounds read...
PT-2023-20157 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9. Description: The issue allows authenticated attackers with subscriber-level permissions and above to delete an arbitrary custom drop-down currency...
Design/Logic Flaw
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned SRIOV virtual function (VF) to cause a denial of servic...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
Denial Of Service (DoS)
gif2apng is vulnerable to Denial of Service (DoS). The vulnerability exists due to the heap-based buffer overflow in the DecodeLZW function, which allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer, leading to an application crash...
CVE-2020-4927
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
Code injection
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...