6035 matches found

Cvelist
added 2023/11/03 7:41 a.m. · 41 views

CVE-2023-1194 Use-after-free in parse_lease_state()

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state...

7.1 CVSS · 8.8 AI score · 0.01077 EPSS
Exploits 0 · References 4
Debian CVE
added 2023/11/03 7:41 a.m. · 40 views

CVE-2023-1194

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state...

8.1 CVSS · 7.1 AI score · 0.01077 EPSS
Exploits 0
OSV
added 2023/11/02 2:15 p.m. · 3 views

CVE-2023-5919

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

7.2 CVSS · 4.8 AI score · 0.00788 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/11/02 1:31 p.m. · 9 views

CVE-2023-5919 SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

5.8 CVSS · 7.1 AI score · 0.00788 EPSS
Exploits 1 · References 3
Cvelist
added 2023/11/02 1:31 p.m. · 22 views

CVE-2023-5919 SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

5.8 CVSS · 7.2 AI score · 0.00788 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/11/02 12:00 a.m. · 4 views

PT-2023-32418 · Sourcecodester · Sourcecodester Company Website Cms

Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0 Description: A vulnerability was found in the Create Blog Page component, specifically affecting some unknown functionality of the file /dashboard/createblog. This issue leads to unrestricted...

7.2 CVSS · 5 AI score · 0.00788 EPSS
Exploits 1 · References 5
NVD
added 2023/11/01 12:15 a.m. · 19 views

CVE-2023-47099

A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...

5.4 CVSS · 5.2 AI score · 0.00441 EPSS
Exploits 1 · References 1
OSV
added 2023/11/01 12:15 a.m. · 5 views

CVE-2023-47099

A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...

5.4 CVSS · 5.9 AI score · 0.00441 EPSS
Exploits 1 · References 1
CNNVD
added 2023/10/31 12:00 a.m. · 2 views

Virtualmin Cross-Site Scripting Vulnerability

Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting (XSS) vulnerability in the Create Virtual Server feature...

5.4 CVSS · 5.8 AI score · 0.00441 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/10/31 12:00 a.m. · 5 views

PT-2023-30307 · Unknown · Virtualmin

Name of the Vulnerable Software and Affected Versions: Virtualmin version 7.7 Description: A Stored Cross-Site Scripting (XSS) issue in the Create Virtual Server functionality of Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the...

5.4 CVSS · 5.2 AI score · 0.00441 EPSS
Exploits 1 · References 7
Cvelist
added 2023/10/26 12:05 p.m. · 21 views

CVE-2023-46076 WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions...

7.1 CVSS · 6.4 AI score · 0.00331 EPSS
Exploits 0 · References 1
OSV
added 2023/10/25 9:13 p.m. · 26 views

GHSA-QCJ9-GCPG-4W2W XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled

Impact: When document names are validated according to a name strategy (disabled by default), XWiki is vulnerable to a reflected XSS attack in the page creation form. To reproduce, make sure that "Validate names before saving" is enabled in the administration under "Editing" - "Name strategies" and...

9.6 CVSS · 9.4 AI score · 0.05166 EPSS
Exploits 1 · References 5
OSV
added 2023/10/25 9:13 p.m. · 23 views

GHSA-GHF6-2F42-MJH9 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

Impact: In XWiki, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution...

9 CVSS · 8.8 AI score · 0.01741 EPSS
Exploits 1 · References 5
Cvelist
added 2023/10/25 8:13 p.m. · 46 views

CVE-2023-45137 XWiki Platform XSS with edit right in the create document form for existing pages

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...

9 CVSS · 9 AI score · 0.00623 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/10/25 7:29 p.m. · 13 views

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

9 CVSS · 8 AI score · 0.01741 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/10/25 7:08 p.m. · 16 views

CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...

9 CVSS · 8.1 AI score · 0.01834 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/10/25 12:00 a.m. · 4 views

PT-2023-8603 · Xwiki · Xwiki Platform +1

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 7.2-milestone-2 through 14.10.12 org.xwiki.platform:xwiki-platform-web-templates versions prior to 14.10.12 and 15.5-rc-1 Description: The issue allows an attacker to pass a title to the page creation action that isn't...

9 CVSS · 8 AI score · 0.01741 EPSS
Exploits 1 · References 10
Veracode
added 2023/10/20 7:39 a.m. · 22 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...

7.8 CVSS · 7.1 AI score · 0.00354 EPSS
Exploits 0 · References 4 · Affected Software 1
Prion
added 2023/10/20 7:15 a.m. · 18 views

Cross site request forgery (csrf)

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the createprofile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted th...

4.3 CVSS · 4.1 AI score · 0.0028 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2023/10/20 7:01 a.m. · 21 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP POST request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...

7.1 CVSS · 6.7 AI score · 0.00326 EPSS
Exploits 0 · References 7 · Affected Software 1