CVE-2023-32712

The CVE-2023-32712 issue affects Splunk Enterprise and Universal Forwarder as described in multiple sources. Affected Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2 allow injecting ANSI escape codes into log files, which a vulnerable terminal can translate to read locally, potent...

PT-2023-7355 · Splunk · Universal Forwarder +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...

Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0606)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0606 advisory. - In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards...

WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Broken Access Control

Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2545 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 109ff0ae5394 Credits Lana Codes Required...

WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2549 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 17403ad53e50 Credits Lana Codes...

WordPress ReviewX 1.6.13 Privilege Escalation Vulnerability

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software Nested Pages Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2434 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 26e414b00090 Credits Lana Codes Required privilege...

WordPress ReviewX 1.6.13 Privilege Escalation

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

CVE-2022-24632

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...

CVE-2022-24627

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...

CVE-2022-24631

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...

CVE-2022-24629

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodesfiles/ajax/...

CVE-2022-24631

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...

CVE-2022-24632

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...

PT-2023-12761 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue allows remote code execution via directory traversal in the dir parameter of the file upload functionality of "BrowseFiles.php". An attacker can upload a...

PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is an unauthenticated SQL injection in the p parameter of the "process login.php" login form. This allows for potential exploitation without the need fo...

Oracle Linux 8 : curl (ELSA-2023-2963)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2963 advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552...

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Broken Access Control

Software Groundhogg Type Plugin Vulnerable versions = 2.7.9.8 Fixed in 2.7.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 35a3839f18ce Credits Lana Codes Required...

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Groundhogg Type Plugin Vulnerable versions = 2.7.9.8 Fixed in 2.7.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2736 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 8080227ecd75 Credits Lana Codes Required...