Input validation
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...
PT-2023-20205 · Zte · Zte Mobile Internet Product
Name of the Vulnerable Software and Affected Versions: ZTE mobile internet products (affected versions not specified). Description: The issue is a denial of service vulnerability in ZTE mobile internet products, caused by insufficient validation of a Web interface parameter,...
SQL Injection Vulnerability in DAR-7000 of AUO Electronic Equipment (Shanghai) Co.
DAR-7000 is an Internet Behavior Audit Gateway from AUO Electronic Equipment (Shanghai) Co. AUO DAR-7000 suffers from a SQL injection vulnerability: the id parameter of the file /user/inc/workidajax.php is not validated, so externally supplied SQL statements reach the database. The...
Mattermost Injection Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to validate the route parameter in //channels/. An attacker exploiting this vulnerability could access files and directorie...
CVE-2023-46755
Input parameters are not strictly verified. Successful exploitation of this vulnerability may cause the launcher to restart...
IdeaPush < 8.53 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
TOTOLINK A3300R enable parameter command execution vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in TOTOLINK A3300R version V17.0.0cu.557B20221024: the enable parameter is not validated when a setLedCfg request is processed, and the flaw can be exploited by a...
PT-2023-29517 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0. Description: The issue concerns multiple unauthenticated SQL injection vulnerabilities. Specifically, the price parameter of the "routers/menu-router.php" resource does not validate the characters...
PT-2023-29507 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0. Description: The issue concerns multiple unauthenticated SQL injection vulnerabilities. Specifically, the deleted parameter of the "routers/add-users.php" resource does not validate the characters...
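The two Online Food Ordering System entries above share one pattern: a request parameter (price, deleted) is placed into SQL text without type validation or binding. The following is an added example, not code from that project or from the advisory; the table, column and function names are assumptions, and the menu rows are constructed. It puts the unvalidated interpolation beside the validated, parameterized form so the effect of a classic `OR 1=1` payload on each can be seen.

```python
"""Added example: a numeric filter parameter reaching SQL unvalidated vs. validated and bound.

Not code from the Online Food Ordering System; table/column/function names are assumptions.
"""
import sqlite3

# Constructed sample rows; the zero-priced row stands in for data the query should never expose.
SAMPLE_MENU = [
    (1, "Pad Thai", 9.50),
    (2, "Ramen", 12.00),
    (3, "Staff-only test item", 0.00),
]


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO menu VALUES (?, ?, ?)", SAMPLE_MENU)
    return conn


def menu_under_price_vulnerable(conn: sqlite3.Connection, price: str) -> list:
    """The flaw: the raw request parameter is interpolated into the SQL text.

    A value such as "0 OR 1=1 --" turns the WHERE clause into a tautology and
    comments out the remaining filter, so every row comes back.
    """
    sql = f"SELECT name FROM menu WHERE price <= {price} AND price > 0 ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def menu_under_price_safe(conn: sqlite3.Connection, price: str) -> list:
    """Validate the parameter as a number in a sane range, then bind it.

    The value is passed to the driver as data, never spliced into the statement,
    so no character in it can change the query's structure.
    """
    try:
        limit = float(price)
    except ValueError:
        raise ValueError("price must be numeric") from None
    if not (0 <= limit < 10_000):  # also rejects nan/inf
        raise ValueError("price out of range")
    sql = "SELECT name FROM menu WHERE price <= ? AND price > 0 ORDER BY id"
    return [row[0] for row in conn.execute(sql, (limit,))]


if __name__ == "__main__":
    db = make_db()
    print(menu_under_price_vulnerable(db, "10"))            # legitimate filter
    print(menu_under_price_vulnerable(db, "0 OR 1=1 --"))   # injection dumps every row
    print(menu_under_price_safe(db, "10"))
    try:
        menu_under_price_safe(db, "0 OR 1=1 --")
    except ValueError as exc:
        print("rejected:", exc)
```

Type validation and parameter binding are complementary here: binding alone already stops the injection, while the range check additionally rejects values the application has no business querying for.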
PT-2023-32335 · WordPress · The Assistant Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Assistant WordPress plugin, versions prior to 1.4.4. Description: The issue arises from the plugin not validating a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform...
Assistant < 1.4.4 - Editor+ SSRF
Description: The plugin does not validate a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform SSRF attacks. PoC: As an Editor or above, open http://example.com/index.php?flasstimageproxy=https://127.0.0.1...
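The check the two Assistant entries describe as missing is a destination check before the server-side fetch: the PoC simply points the parameter at https://127.0.0.1 and the request is made. Below is an added example of such a check, written in Python rather than as plugin code; it is not code from the Assistant plugin or from WordPress, and the function names (is_safe_fetch_target, _is_blocked_ip) and the test hostnames are assumptions. It goes beyond the loopback case in the PoC to the other address ranges an SSRF filter has to refuse, and resolves hostnames so that a public-looking name mapping to an internal address is rejected too.

```python
"""Added example: vet a user-supplied URL before a server-side HTTP fetch.

Not code from the Assistant plugin or WordPress; helper names are assumptions.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_blocked_ip(ip) -> bool:
    """True for any address that is not public unicast (loopback, RFC 1918, link-local, ...)."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still 127.0.0.1
    return (ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def _default_resolver(host: str) -> list:
    """Every address the name resolves to; the check must hold for all of them."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def is_safe_fetch_target(url: str, resolver=_default_resolver) -> bool:
    """Return True only if url is http(s) and every address it points at is public.

    `resolver` is injectable so the logic can be exercised offline. In production the
    fetch should then connect to the vetted address rather than re-resolving the name,
    otherwise a DNS rebinding between check and use defeats the check.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username or parts.password:  # http://trusted@127.0.0.1/ style confusion
        return False
    host = parts.hostname
    if not host:
        return False
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IPv4 or IPv6
    except ValueError:
        if host.lower() == "localhost" or host.lower().endswith(".localhost"):
            return False
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False
        if not addrs:
            return False
    return not any(_is_blocked_ip(a) for a in addrs)


if __name__ == "__main__":
    for candidate in ("https://127.0.0.1", "http://[::1]/", "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd", "http://8.8.8.8/"):
        print(candidate, "->", "allowed" if is_safe_fetch_target(candidate) else "blocked")
```

Note that a decimal form such as http://2130706433/ is not an IP literal to `ipaddress`, so it falls through to the resolver, which is exactly why resolution (not just string matching) has to be part of the check.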
Smart Cookie Kit < 2.3.2 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Migration, Backup, Staging - WPvivid Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin flowpaper Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Gumroad <= 3.1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-20261
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...
PT-2023-17423 · Cisco · Cisco Catalyst Sd-Wan Manager
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This...
CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
The WordPress Gallery Plugin (NextGEN Gallery) WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server...