6610 matches found
PT-2023-3552 · D Link · D-Link Di-7500G-Ci
Name of the Vulnerable Software and Affected Versions: D-Link DI-7500G-CI version 19.05.29A Description: A Cross Site Scripting XSS issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth pic.cgi". The vulnerability is related to the lack of...
OESA-2023-1306 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
PT-2023-24824 · Jetbrains · Jetbrains Ktor
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.1 Description: The issue allows headers containing authentication data to be added to the exception's message. This could potentially expose sensitive information. Recommendations: For versions prior to...
PT-2023-14315 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.6.0 through 2.6.12 Rancher versions 2.7.0 through 2.7.3 Description: An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue allows users in higher-privileged groups to inject code execut...
missing permission check for API /setting/workspace/member/update
Proof of Concept 1 user1 是workspace1的空间管理员 2 user2 是workspace1的成员 3 user1 更新user2的信息,比如将其更新为空间管理员 4 使用burpsuite拦截请求 POST /setting/workspace/member/update HTTP/1.1 Host: 192.168.213.128:8081 Content-Length: 144 Accept-Language: zh-CN WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7 User-Agent:...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...
CVE-2023-33311
CVE-2023-33311 affects the CRM Perks Contact Form Entries WordPress plugin (
CVE-2023-33311 WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nose Graze Novelist plugin = 1.2.0 versions...
Design/Logic Flaw
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...
Stackposts Social Marketing Tool 1.0 SQL Injection
Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/stackposts-social-marketing-tool/21747459 Demo Site: https://demo.stackposts.com Tested on: Kali Linux CVE: N/A Request POST /spmo/auth/login...
Debian: Security Advisory (DSA-5405-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-23667 WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in BeRocket Brands for WooCommerce plugin = 3.7.0.6 versions...
CVE-2023-23999
MonsterInsights (WordPress Google Analytics by MonsterInsights) plugin
CVE-2022-47157 WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Don Benjamin WP Custom Fields Search plugin = 1.2.34 versions...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...
DSA-5405-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
Information Disclosure
github.com/etcd-io/etcd is vulnerable to Information Disclosure. The vulnerability exists in the LeaseTimeToLive function of v3server.go because it allows access to key names not value associated with a lease when the Keys parameter is true, even if the user doesn't have read permission to the...
GHSA-PMMR-R9V2-59P8 Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...