
1180 matches found

NVD
added 2023/09/28 10:15 p.m. · 11 views

CVE-2023-44166

The 'age' parameter of the processregistration.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 9.6 AI score · 0.00218 EPSS
Exploits: 1 · References: 2

NVD
added 2023/09/28 10:15 p.m. · 12 views

CVE-2023-44163

The 'search' parameter of the processsearch.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 9.6 AI score · 0.00218 EPSS
Exploits: 1 · References: 2

WPVulnDB
added 2023/09/27 12:0 a.m. · 8 views

RSVPMarker < 10.6.7 - Admin+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

5.9 CVSS · 5.6 AI score · 0.00127 EPSS
Exploits: 0 · Affected Software: 1

WPVulnDB
added 2023/09/27 12:0 a.m. · 16 views

Easy Coming Soon <= 2.3 - Admin+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

5.9 CVSS · 6 AI score · 0.00127 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2023/08/25 4:15 p.m. · 1 view

CVE-2023-40797

In Tenda AC23 v16.03.07.45cn, the sub4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability...

8.8 CVSS · 7.4 AI score · 0.00201 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/08/25 12:0 a.m. · 1 view

Tenda AC23 Input Validation Error Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology, with a dual-band concurrent rate of up to 2033 Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...

8.8 CVSS · 7.6 AI score · 0.00154 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/08/15 12:0 a.m. · 3 views

PT-2023-27135 · Webchess · Webchess

Name of the Vulnerable Software and Affected Versions: webchess version 1.0
Description: A SQL injection issue was discovered in webchess via the $playerID parameter at the "mainmenu.php" endpoint. However, it is disputed by a third party who claims that the $playerID is a session variable...

9.8 CVSS · 9.8 AI score · 0.00355 EPSS
Exploits: 1 · References: 11

Positive Technologies
added 2023/08/09 12:0 a.m. · 2 views

PT-2023-4338 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this issue, where th...

10 CVSS · 8.9 AI score · 0.0055 EPSS
Exploits: 0 · References: 6

CNNVD
added 2023/08/09 12:0 a.m. · 3 views

Nozomi Networks Guardian/CMC SQL Injection Vulnerability

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. An SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from incorrect input validation of sort parameters...

8.8 CVSS · 8 AI score · 0.00216 EPSS
Exploits: 0 · References: 4

NVD
added 2023/08/08 3:15 p.m. · 14 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

7.5 CVSS · 7.5 AI score · 0.00286 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2023/08/08 3:15 p.m. · 0 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

7.5 CVSS · 5.9 AI score · 0.00286 EPSS
Exploits: 0 · References: 2

Prion
added 2023/08/08 3:15 p.m. · 20 views

Directory traversal

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

5 CVSS · 7.4 AI score · 0.00286 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/08/08 12:0 a.m. · 14 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

7.1 AI score · 0.00286 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/08/08 12:0 a.m. · 11 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

7.6 AI score · 0.00286 EPSS
Exploits: 0 · References: 1

CVE
added 2023/08/08 12:0 a.m. · 40 views

CVE-2023-24698

CVE-2023-24698 affects Foswiki up to v2.1.7, specifically the Foswiki::Sandbox component. The issue is insufficient parameter validation that allows directory traversal when a crafted web request is made. Impact: potential access to restricted filesystem areas. Affected software: Foswiki v2.1.7 a...

7.5 CVSS · 7.4 AI score · 0.00286 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/08/05 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

9.1 CVSS · 6.9 AI score · 0.00083 EPSS
Exploits: 0 · References: 4

CNNVD
added 2023/08/05 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

9.1 CVSS · 6.9 AI score · 0.00071 EPSS
Exploits: 0 · References: 4

CNNVD
added 2023/08/05 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

9.1 CVSS · 6.9 AI score · 0.00083 EPSS
Exploits: 0 · References: 4

NVD
added 2023/07/04 12:15 a.m. · 18 views

CVE-2023-25521

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information...

7.8 CVSS · 7.5 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

Prion
added 2023/07/04 12:15 a.m. · 20 views

Design/Logic Flaw

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information...

4.3 CVSS · 8 AI score · 0.00027 EPSS
Exploits: 0 · References: 1 · Affected Software: 2