CVE-2023-2078 Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing Authorization

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for...

QuickOrder 6.3.7 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Inout Blockchain FiatExchanger 3.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

The vulnerability of the Sound component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Sound component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data remotel...

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.

The vulnerability of the software for processing and transmitting confidential data using Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure during the processing of the UserProcessPassChangeRequest parameter at the human.aspx endpoint. Exploiting...

Inout Blockchain EasyPayments 1.0.1 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Super Store Finder 3.6 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

The vulnerability of the Paceart Messaging Service in the Paceart Optima cardiac monitoring system allows a perpetrator to gain unauthorized access to read, modify, or delete data, execute arbitrary code, or trigger a service failure.

The vulnerability of the Paceart Messaging Service in the Paceart Optima cardiac monitoring system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to read, modify, or delete data, execute...

Medtronic Paceart Optima 代码问题漏洞

Medtronic Paceart Optima is a comprehensive workflow solution from Medtronic, Inc. to efficiently compile and manage patient cardiac device data. A security vulnerability exists in Medtronic Paceart Optima version 1.11 and prior versions that originates from a data deserialization issue in...

podman: possible information disclosure and modification

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

PT-2023-3472 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1.11 12.1.11 MOVEit Transfer versions prior to 2021.0.9 13.0.9 MOVEit Transfer versions prior to 2021.1.7 13.1.7 MOVEit Transfer versions prior to 2022.0.7 14.0.7 MOVEit Transfer versions prior to 2022.1...

libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

Incorrect Authorization

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization checks. A low-privileged attacker can modify minor functionalities of another user's data...

Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

GHSA-F989-3FP9-Q3R2 Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

CVE-2023-29296

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

CVE-2023-29288

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

CVE-2023-29288

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...