PT-2023-29235 · Sourcecodester · Sourcecodester Free Hospital Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Free Hospital Management System for Small Practices version 1.0 Description: A critical issue affects the processing of the file vmpatientbooking-complete.php, where the manipulation of the userid, apponum, and scheduleid...
Datoo Complete Dating Script 1.0 Insecure Settings
==================================================================================================================================== | Title : Datoo - Complete Dating Script v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...
CVE-2023-3508 WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...
PT-2023-25133 · WordPress · Woocommerce Pre-Orders
Name of the Vulnerable Software and Affected Versions: WooCommerce Pre-Orders WordPress plugin versions prior to 2.0.3 Description: The issue is related to a flawed CSRF check when processing tab actions. This could allow attackers to make logged-in admins perform unintended actions, such as...
MAL-2023-405 Malicious code in fca-ivancotacte2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef8b883ae561a36b9f4c9c491ea5934587e8dc686611d12b58fdc4290726a833 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-21950
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Oracle MySQL Server 8.0.x < 8.0.34 (October 2023 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 5.7.42 and...
Buffer overflow
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Design/Logic Flaw
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2023-22008
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2023-29130
A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...
D-Link DIR-823G 'EXCU_SHELL' RCE Vulnerability - Active Check
D-Link DIR-823G routers are prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20230619-06
Vulnerability in the protobuf-c data serialization library is related to an integer overflow in the function parse_required_member. Exploitation of the vulnerability could allow a remote attacker to cause a complete compromise of the vulnerable system...
Malicious code in reat-com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb8a3d57163b34785a2092a45dcf9e0e1601b827c144a5a955212214317de9c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @leanmull/ldb-decryptor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d4e66532be866fa2974fbd1653c75fa4bec095ad78503c70b153fb75c8445a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 37 Update: libssh-0.10.5-1.fc37
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Craft CMS stored XSS in review volume
Summary XSS can be triggered by review volumes PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert1337 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 6. Click Update asset indexes. 7. Wait to assets update success. 8. Progress complete. 9...
K000134727: MySQL vulnerability CVE-2023-21962
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
AlmaLinux 8 : mysql:8.0 (ALSA-2023:3087)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3087 advisory. mysql: Server: Security: Privileges unspecified vulnerability CPU Apr 2023 CVE-2023-21912 mysql: Server: Optimizer unspecified vulnerability CPU Oct 2022...