Exploit for CVE-2023-38646
CVE-2023-38646 The original script originates from securezer...
Input validation
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
openSUSE 15 Security Update : exim (openSUSE-SU-2023:0293-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0293-1 advisory. - NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability fedora-all CVE-2023-42114 - AUTH Out-Of-Bounds Write Remote Code Executi...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Exim vulnerabilities (USN-6411-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6411-1 advisory. It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly...
CVE-2023-40519
A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2023-27435
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions...
CVE-2023-27435 WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions...
CVE-2023-27435
The CVE-2023-27435 entry concerns the WordPress HTTP Auth Plugin, vulnerable in versions 0.3.2, with patch 1.0.0 indicated as the fix. Exploitability details in the connected docs show unauthenticated access as a consideration; exploitation status is not definitively provided beyond the CSRF cla...
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
...
Broadpeak Centralized Accounts Management Auth Agent Cross-Site Scripting Vulnerability
Broadpeak Centralized Accounts Management Auth Agent is a centralized accounts management authentication agent application from Broadpeak France. A cross-site scripting vulnerability exists in Broadpeak Centralized Accounts Management Auth Agent versions 01.01.00.19219575ee9195b0,...
PT-2023-27497 · Broadpeak · Broadpeak Centralized Accounts Management Auth Agent
Name of the Vulnerable Software and Affected Versions: Broadpeak Centralized Accounts Management Auth Agent versions 00.12.01.9565588 1254b459, 01.01.00.19219575 ee9195b0, 01.01.01.30097902 fd999e76 Description: A cross-site scripting (XSS) issue in the bpk-common/auth/login/index.html login portal...
PT-2023-21124 · Unknown · Sami Ahmed Siddiqui Http Auth Plugin
Name of the Vulnerable Software and Affected Versions: Sami Ahmed Siddiqui HTTP Auth plugin versions 0.3.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
LDAP Login Scanner
This module attempts to log in to the LDAP service. Module Options: msf > use auxiliary/scanner/ldap/ldap_login; msf auxiliary(ldap_login) > show actions ...actions...; msf auxiliary(ldap_login) > set ACTION; msf auxiliary(ldap_login) > show options ...show and set options...; msf auxiliary(ldap_login) > run. This module...
CVE-2023-44266 WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions...
CVE-2023-44230
CVE-2023-44230 describes a Stored XSS vulnerability in the WordPress plugin “Popup contact form” by Gopi Ramasamy, affecting versions
CVE-2023-44265
CVE-2023-44265 affects the WordPress plugin Popup contact form by Gopi Ramasamy, affected versions
CVE-2023-44242
CVE-2023-44242 affects 2J Slideshow Team Slideshow, Image Slider by 2J plugin (WordPress) version 1.3.54 to mitigate the vulnerability. No other products or exploitation details are provided in the documents.