Lucene search
K

11235 matches found

NVD
NVD
added 2023/02/13 3:15 p.m.22 views

CVE-2023-0080

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...

8.8CVSS8.7AI score0.01125EPSS
Exploits1References1
NVD
NVD
added 2023/02/13 3:15 p.m.30 views

CVE-2023-0159

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

7.5CVSS7.6AI score0.55736EPSS
Exploits3References1
Prion
Prion
added 2023/02/13 3:15 p.m.19 views

Design/Logic Flaw

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...

6.5CVSS8.6AI score0.01125EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/02/13 3:15 p.m.21 views

Design/Logic Flaw

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

5CVSS7.6AI score0.55736EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.24 views

CVE-2023-0080 Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...

8.8AI score0.01125EPSS
Exploits1References1
CVE
CVE
added 2023/02/13 2:32 p.m.49 views

CVE-2023-0080

The CVE-2023-0080 entry concerns the WordPress plugin Customer Reviews for WooCommerce (pre-5.16.0). The vulnerability arises from a deficient validation of a shortcode attribute, enabling users with a contributor role or higher to perform Local File Inclusion by traversing attributes to read arb...

8.8CVSS8.7AI score0.01125EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.35 views

CVE-2023-0159 Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

7.8AI score0.55736EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2023/02/13 8:10 a.m.573 views

Exploit for Cross-site Scripting in Dompdf_Project Dompdf

CVE-2022-28368 - Dompdf RCE Dompdf RCE PoC Exploit !alt text...

9.8CVSS9.7AI score0.82438EPSS
Exploits8
0day.today
0day.today
added 2023/02/13 12:0 a.m.548 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...

9.8CVSS9.8AI score0.99753EPSS
Exploits15
Prion
Prion
added 2023/02/11 1:23 a.m.16 views

Design/Logic Flaw

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

6.5CVSS8.9AI score0.01034EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/10 10:3 p.m.24 views

CVE-2023-25558 Deserialization of untrusted data in DataHub

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

7.5CVSS8.6AI score0.01034EPSS
Exploits0References4
CVE
CVE
added 2023/02/10 10:3 p.m.47 views

CVE-2023-25558

CVE-2023-25558 affects the DataHub open-source metadata platform. When the DataHub frontend uses SSO, it relies on the pac4j library to process id_token claims. If a claim begins with the {#sb64} prefix, pac4j may deserialize it as a Java object, enabling potential Remote Code Execution (RCE). A ...

8.8CVSS8.5AI score0.01034EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.11 views

EulerOS 2.0 SP10 : sysstat (EulerOS-SA-2023-1401)

According to the versions of the sysstat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1...

7.8CVSS7.4AI score0.01096EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/02/10 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1373)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01096EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.207 views

ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineservicedeskmspcve-2022-47966.nbin...

9.8CVSS9.2AI score0.99753EPSS
Exploits15References3
Huntr
Huntr
added 2023/02/09 11:29 p.m.28 views

RCE by Server Side Template Injection

Description Hi, During my testing, I discovered that it is possible to inject code into the system through the "first name" field. This vulnerability allows for server-side template injection, which can lead to arbitrary code execution. The impact of this vulnerability is potentially significant...

7.5CVSS9.7AI score0.01799EPSS
Exploits1
Metasploit
Metasploit
added 2023/02/09 7:52 p.m.267 views

ManageEngine Endpoint Central Unauthenticated SAML RCE

This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...

9.8CVSS9.7AI score0.99753EPSS
Exploits15
Metasploit
Metasploit
added 2023/02/09 7:52 p.m.516 views

Fortra GoAnywhere MFT Unsafe Deserialization RCE

This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT. Module Options msf use exploit/multi/http/fortragoanywherercecve20230669 msf exploitfortragoanywherercecve20230669 show targets ...targets... msf exploitfortragoanywherercecve20230669 se...

7.2CVSS8.6AI score0.99999EPSS
Exploits12
OpenVAS
OpenVAS
added 2023/02/09 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01096EPSS
Exploits1References2
OSV
OSV
added 2023/02/07 9:30 p.m.60 views

GHSA-26F8-X7CC-WQPC Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.7AI score0.95302EPSS
Exploits7References6
Rows per page
Query Builder