389 matches found
CVE-2024-1778
CVE-2024-1778 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability is due to a missing capability check in the zt_dcfcf_change_bookmark() function, enabling unauthenticated actors to modify bookmark statuses in all versions up to 1.1.1. Multiple connected s...
Prototype Pollution
hoolock is vulnerable to Prototype Pollution. The vulnerability is due to utility functions failing to block attempts to access or alter object prototypes. An attacker can modify application data or perform a Denial of Service by exploiting this vulnerability...
CVE-2022-24351
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...
PT-2023-12746 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.2 before 05.27.29 InsydeH2O versions 5.3 before 05.36.29 InsydeH2O versions 5.4 before 05.44.13 InsydeH2O versions 5.5 before 05.52.13 Description: A TOCTOU race-condition issue allows an attacker to alter data and code...
CVE-2022-24351
The CVE-2022-24351 issue affects InsydeH2O BIOS used in Siemens/InsydeH2O platforms (e.g., various Kernel 5.x branches) and is a TOCTOU race condition that can alter data and code used during the boot process. The connected documents confirm affected versions: InsydeH2O 5.2 before 05.27.29, 5.3 b...
The vulnerability of microprogrammed software in Osprey Pump Controller controllers allows a intruder to alter arbitrary data or cause malfunctions during maintenance.
The vulnerability of microprogrammed software in Osprey Pump Controller controllers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to alter arbitrary data or cause malfunctions in the system...
Information disclosure
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
PT-2023-22122 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...
CVE-2023-39695
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...
PT-2023-27189 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin for WordPress versions up to, and including, 7.6.3 Description: The issue is related to a missing authorization check on the userRate function, allowing unauthenticated attackers to modify data by increasing or decreasing the...
WS_FTP Server SQL Injection Vulnerability
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A SQL injection vulnerability exists in WSFTP Server versions prior to 8.7.4, 8.8.2. An attacker exploiting this vulnerability is able to infer information about the structure and content ...
Sql injection
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...
GHSA-C9HW-557Q-F8HQ Pimcore vulnerable to SQL Injection in Dataobjects sorting
Impact Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform dos on the backend database. Patches Update to version 10.6.5 or apply this patch manually...
PT-2023-9532 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to errors in authorization within the Field Service Engineer Portal component of Oracle Field Service in Oracle E-Business Suite. This easily exploitabl...
CVE-2023-27304
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...
CVE-2023-27384
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...
Authentication flaw
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...
Authentication flaw
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...
CVE-2023-27384
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...
CVE-2023-27304
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...