
10513 matches found

WPVulnDB
added 2023/12/19 12:0 a.m. · 24 views

Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update

Description: The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-leve...

CVSS 8.8 · AI score 6.1 · EPSS 0.00487
Exploits: 0 · References: 1

BDU FSTEC
added 2023/12/19 12:0 a.m. · 4 views

The vulnerability of the Nagios XI monitoring tool lies in its use of strictly encrypted user data. This allows a malicious actor to gain access to read, modify, or delete data, execute arbitrary code, or trigger a service failure.

The vulnerability of the Nagios XI monitoring tool is related to the use of strictly encrypted user data. Exploiting this vulnerability allows an attacker to gain access to read, modify, or delete data, execute arbitrary code, or trigger a service failure...

CVSS 3.2 · AI score 5.8
Exploits: 0 · References: 3 · Affected Software: 1

Veracode
added 2023/12/18 6:19 a.m. · 21 views

Insecure Deserialization

dubbo is vulnerable to Insecure Deserialization. The vulnerability is caused due to lack of validation of untrusted user data. An attacker can modify application data, perform a DoS attack or execute arbitrary code by exploiting this vulnerability...

CVSS 9.8 · AI score 7.6 · EPSS 0.01666
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/12/14 12:0 a.m. · 5 views

PT-2023-7878 · Unknown · Itpison Omicard Edm

Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified
Description: The SMS-related function in ITPison OMICARD EDM has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This ca...

CVSS 9.8 · AI score 9.7 · EPSS 0.01062
Exploits: 0 · References: 7

CNVD
added 2023/12/14 12:0 a.m. · 18 views

SAP Solution Manager Command Injection Vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS 6.4 · AI score 7.5 · EPSS 0.00408
Exploits: 0 · References: 1

NVD
added 2023/12/12 2:15 a.m. · 29 views

CVE-2023-49587

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

CVSS 6.4 · EPSS 0.00408
Exploits: 0 · References: 2

Prion
added 2023/12/12 2:15 a.m. · 15 views

Design/Logic Flaw

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

CVSS 5.5 · AI score 7.2 · EPSS 0.00408
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/12/12 1:35 a.m. · 24 views

CVE-2023-49587 Command Injection vulnerability in SAP Solution Manager

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

CVSS 6.4 · AI score 6.7 · EPSS 0.00408
Exploits: 0 · References: 2

Vulnrichment
added 2023/12/12 1:35 a.m. · 7 views

CVE-2023-49587 Command Injection vulnerability in SAP Solution Manager

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

CVSS 6.4 · AI score 7 · EPSS 0.00408
Exploits: 0 · References: 2

Packet Storm
added 2023/12/11 12:0 a.m. · 420 views

WordPress Bravo Translate 1.2 SQL Injection

Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection
Date: 09-12-2023
Exploit Author: Arvandy
Software Link: https://wordpress.org/plugins/bravo-translate/
Version: 1.2
Tested on: Windows, Linux
CVE: CVE-2023-49161
Product Description: This plugin allows you to translate your monolingual...

AI score 7.2 · EPSS 0.00605
Exploits: 2

WPVulnDB
added 2023/12/08 12:0 a.m. · 21 views

LadiApp <= 4.4 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of the unprotected...

AI score 9.1 · EPSS 0.00454
Exploits: 0 · References: 1

Packet Storm
added 2023/12/08 12:0 a.m. · 340 views

osCommerce 4 SQL Injection

Exploit Title: osCommerce 4 - SQL Injection
Exploit Author: CraCkEr
Date: 22/11/2023
Vendor: osCommerce ltd.
Vendor Homepage: https://www.oscommerce.com/
Software Link: https://demo.oscommerce.com/
Demo Link: https://demo.oscommerce.com/b2b-supermarket/
Tested on: Windows 11 Home
Impact: Database...

CVSS 9.8 · AI score 7.4 · EPSS 0.23846
Exploits: 3

WPVulnDB
added 2023/12/08 12:0 a.m. · 24 views

WP Cleanfix < 5.7.0 - Subscriber+ Post/Comment/Post Meta Content Replacement

Description: The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the register function, allowing authenticated attackers, with subscriber-level access and above, to find and replace post, comment, and postmeta content as well as...

AI score 9.2 · EPSS 0.00362
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/07 12:0 a.m. · 4 views

PT-2023-9574 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.5 through 12.2.13
Description: The issue is related to weaknesses in the authorization mechanism of the Authoring component in Oracle Service Contracts, part of the Oracle E-Business Suite system. This ca...

CVSS 8.5 · AI score 8.2 · EPSS 0.00435
Exploits: 0 · References: 8

Positive Technologies
added 2023/12/07 12:0 a.m. · 7 views

PT-2023-26827 · Senec +1 · Storage Box V1 +3

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue allows a remote unauthenticated attacker to capture and modify network traffic because sensitive information is transmitted unencrypted.
Recommendations: At the moment, there is ...

CVSS 9.1 · AI score 9.1 · EPSS 0.00581
Exploits: 0 · References: 5

Positive Technologies
added 2023/12/07 12:0 a.m. · 4 views

PT-2023-9577 · Oracle · Oracle Mes +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to a vulnerability in the Device Integration component of Oracle MES for Process Manufacturing, which can be exploited by a low-privileged attacker with...

CVSS 8.5 · AI score 8.1 · EPSS 0.00422
Exploits: 0 · References: 7

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-9608 · Oracle · Peoplesoft Enterprise Elm Enterprise Learning Management

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise ELM Enterprise Learning Management version 9.2
Description: The issue is related to a vulnerability in the authorization procedure of the Enterprise Learning Management component. This vulnerability allows a low-privileg...

CVSS 5.5 · AI score 7.5 · EPSS 0.00295
Exploits: 0 · References: 7

Positive Technologies
added 2023/12/07 12:0 a.m. · 7 views

PT-2023-9320 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.8.2
Description: The issue is related to insufficient input validation in the Web Runtime SEC component. It allows an unauthenticated attacker with network access via HTTP to compromise JD...

CVSS 6.4 · AI score 7.2 · EPSS 0.00309
Exploits: 0 · References: 4

WPVulnDB
added 2023/12/07 12:0 a.m. · 11 views

Enhanced Text Widget <= 1.6.2 - Missing Authorization via etw_hide_admin_notification_callback

Description: The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etw_hide_admin_notification_callback function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to hide adm...

AI score 6.4 · EPSS 0.00448
Exploits: 0 · References: 1

WPVulnDB
added 2023/11/29 12:0 a.m. · 10 views

Export WP Page to Static HTML/CSS < 2.2.0 - Missing Authorization via Multiple AJAX Actions

Description: The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers,...

CVSS 5.4 · AI score 5.9 · EPSS 0.00458
Exploits: 0 · References: 1 · Affected Software: 1