6607 matches found
CVE-2023-38203 Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE
Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...
Vulnerability of the Server:Pluggable Auth component of the Oracle MySQL Server database management system, which allows attackers to gain unauthorized access to confidential information
The vulnerability of the Server:Pluggable Auth component of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to confidential information usin...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +828 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.6.0 <=5.6.10)
org.springframework.security:spring-security-config MAVEN version =5.6.0, =4.4.0.2, =0.2.0, =2.1.0.M8, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =0.0.1, =0.0.6 - com.atlassian.connect:atlassian-connect-spring-boot-api =2.2.7 - com.atlassian.connect:atlassian-connect-spring-boot-core...
PT-2023-3678 · Samba +9 · Samba +9
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: The issue is related to an out-of-bounds read vulnerability in Samba due to insufficient length checks in the winbindd_pam_auth_crap.c component. This vulnerability can be exploited when...
DLA-3499-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
Debian: Security Advisory (DLA-3499-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
Debian LTS Advisory DLA-3499-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 19, 2023 https://wiki.debian.org/LTS Package : libapache2-mod-auth-openidc Version : 2.3.10.2-1+deb10u3 CVE ID : CVE-2021-39191 CVE-2022-23527 Debian Bug : 993648 1026444 Open...
AZL-27465 CVE-2023-22048 affecting package mysql for versions less than 8.0.34-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
CVE-2023-22048
CVE-2023-22048 is a MySQL Server vulnerability in the Server: Pluggable Auth component. Affected versions are 8.0.33 and earlier. It requires network access with a low-privilege attacker and can lead to unauthorized read access to a subset of MySQL data; CVSS 3.1 Base Score is 3.1 (Low). The conn...
CVE-2023-33329
CVE-2023-33329: Authenticated Reflected XSS in Hijiri Custom Post Type Generator plugin
CVE-2023-36383 WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions...
CVE-2023-24390
CVE-2023-24390 affects the WordPress plugin WeSecur Security (
CVE-2022-47421 WordPress ARMember (free) and ARMember (premium) plugins - vulnerable to Auth. Stored Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins...
CVE-2022-47421
CVE-2022-47421: Auth. (admin+) Stored Cross-Site Scripting in Repute InfoSystems ARMember (free) and ARMember (premium) WordPress plugins. Administrative users can inject stored XSS via input in ARMember settings/messages; impact per sources includes confidentiality/integrity exposure with potent...
SQL Injection
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions...
CVE-2023-23660
MainWP Maintenance Extension for WordPress is affected up to version 4.1.1 with an authenticated (subscriber) SQL Injection vulnerability. The root cause is a SQLi in the plugin that can be triggered by a subscriber. Fixed in version 4.1.2; upgrade to mitigate. Patchstack also lists high risk (CV...
Advisory ROSA-SA-2023-2195
software: salt 3004.2 WASP: ROSA-CHROME packageevrstring: salt-3004.2-1.src.rpm CVE-ID: CVE-2022-22967 BDU-ID: 2022-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAM auth function of the Salt configuration management and remote operations execution system is related to the lack of a vali...
Business Website CMS 1.9 SQL Injection
Title : Business Website CMS v1.9 Auth Bypass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
PT-2023-3655 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.33 and prior Description: The issue is related to insufficient input validation in the Server: Pluggable Auth component of Oracle MySQL Server, allowing a low-privileged attacker with network access via multiple...
Brigadasoft CMS 2.1 SQL Injection
Title : Brigadasoft CMS v2.1 Auth Bypass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...