PT-2023-19273 · Unknown +1 · Himanshu Bing Site Verification +1
Name of the Vulnerable Software and Affected Versions: Himanshu Bing Site Verification plugin using Meta Tag plugin version 1.0 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability...
PT-2023-7943 · Unified Automation · Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway, affected versions not specified. Description: This issue is a use-after-free vulnerability within the handling of NodeManagerOpcUa objects. The vulnerability allows remote attackers to execute arbitrary code on...
PT-2023-19283 · Unknown · Fullworks Quick Paypal Payments
Name of the Vulnerable Software and Affected Versions: Fullworks Quick Paypal Payments plugin versions <= 5.7.25. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
PT-2023-14523 · Unknown · 1App Business Forms
Name of the Vulnerable Software and Affected Versions: 1app Business Forms plugin versions prior to 1.0.0. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication, specifically with author or higher privileges. This vulnerability affects th...
UBUNTU-CVE-2023-22001
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2022-43480
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions...
PT-2023-19905 · Avalex Gmbh · Avalex
Name of the Vulnerable Software and Affected Versions: avalex – Automatically secure legal texts plugin versions 3.0.3 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects t...
CVE-2023-25062
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions...
EasyNas 1.1.0 Command Injection
Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...
CVE-2023-20121
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating...
PT-2023-19269 · Wpdevart · Wpdevart Responsive Vertical Icon Menu Plugin
Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Vertical Icon Menu plugin versions 1.5.8 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication with admin or higher privileges...
Vulnerabilities fixed in IBM QRadar SIEM and User Behavior Analytics
IBM fixed vulnerabilities in QRadar SIEM and User Behavior Analytics. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of data; circumvention of security...
CVE-2022-42425
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-42424
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
Design/Logic Flaw
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...
CVE-2023-1575
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2022-43622
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
CVE-2022-42426
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-27643
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the...