3319 matches found
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
qdPM Code Issues Vulnerabilities
qdPM is a web-based open source project management tool. A security vulnerability exists in qdPM version 9.2, which stems from a remote code execution vulnerability. The vulnerability allows an attacker to upload a .php file to the /uploads URI via the Add Attachments function to execute remote...
WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Attachments; Type: Plugin; Vulnerable versions: <= 5.0.11; Fixed in: 5.0.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45651; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3da0899382b1; Credits: Abdi Pranata...
GHSA-896V-PH5W-379H Economizzer Insecure Direct Object Reference vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
Economizzer Insecure Direct Object Reference vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38872
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
Economizzer Security Vulnerabilities
Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which stems from an insecure direct object reference vulnerability that could allow an...
CVE-2023-40386
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments...
Code injection
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments...
PT-2023-26651 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1; gugoan Economizzer commit 3730880. Description: An Insecure Direct Object Reference (IDOR) vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they...
CVE-2023-40386
CVE-2023-40386 concerns a privacy issue in macOS Sonoma 14 where an app may access Notes attachments due to improper handling of temporary files. Apple fixed the issue in macOS Sonoma 14 by addressing temporary-file handling. The Red Hat entry and multiple sources corroborate the same description...
Apple macOS Security Breach
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14, which originates from an application that may be able to access Notes attachments...
PT-2023-27423 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14. Description: A privacy issue was addressed with improved handling of temporary files. This issue may allow an app to access Notes attachments. Recommendations: For versions prior to 14, update to macOS Sonoma 14 to...
PT-2023-28641 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17; iPadOS versions prior to 17; macOS versions prior to Sonoma 14. Description: The issue allows an app to potentially access Notes attachments due to insufficient restriction of data container access. This was addressed...
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Description: The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...