
1208 matches found

Positive Technologies
added 2023/09/16 12:0 a.m. · 2 views

PT-2023-5718 · D Link · D-Link Dar-8000 +1

Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 and DAR-8000 up to 20151231 Description: A critical vulnerability was found in the /sysmanage/updateos.php file, allowing for unrestricted upload due to the manipulation of the file upload argument. This can be exploited...

9 CVSS · 6.8 AI score · 0.02731 EPSS
Exploits 1 · References 10

OSV
added 2023/09/15 1:15 a.m. · 14 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.4 CVSS · 5.9 AI score · 0.00277 EPSS
Exploits 1 · References 2

NVD
added 2023/09/15 1:15 a.m. · 11 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.4 CVSS · 5.2 AI score · 0.00277 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/09/15 1:15 a.m. · 1 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.4 CVSS · 5.7 AI score · 0.00277 EPSS
Exploits 1 · References 3

Patchstack
added 2023/09/15 12:0 a.m. · 2 views

WordPress Enable Media Replace Plugin < 4.1.3 is vulnerable to PHP Object Injection

Software Enable Media Replace Type Plugin Vulnerable versions 4.1.3 Fixed in 4.1.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority Low CVSS severity Low 6.6 Developer ShortPixel PSID 5d377501ce8e Credits Unknown Required privilege Editor Published 15 Septembe...

7.2 AI score
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/09/15 12:0 a.m. · 9 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.7 AI score · 0.00277 EPSS
Exploits 1 · References 2

Cvelist
added 2023/09/15 12:0 a.m. · 16 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.4 AI score · 0.00277 EPSS
Exploits 1 · References 2

Amazon
added 2023/09/07 12:0 a.m. · 1 views

Medium: poppler

Issue Overview: An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. CVE-2022-38349 Affected Packages: poppler Issue Correction: Run...

6.5 CVSS · 6.8 AI score · 0.0002 EPSS
Exploits 1

ATTACKERKB
added 2023/08/30 10:15 p.m. · 0 views

CVE-2023-41163

A Reflected Cross-site scripting XSS vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down...

6.1 CVSS · 5.9 AI score · 0.00102 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/08/30 12:0 a.m. · 1 views

PT-2023-27839 · Usermin · Usermin

Name of the Vulnerable Software and Affected Versions: Usermin version 2.000 Description: A Reflected Cross-site scripting XSS issue in the file manager tab allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools...

6.1 CVSS · 6.1 AI score · 0.00102 EPSS
Exploits 0 · References 5

Snyk
added 2023/08/22 6:44 p.m. · 1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when the PDFDoc::replacePageDict function processes data missing a necessary stream check while saving an embedded file. The attacker can cause an assertion failure in Object.h, rendering the service unavailable...

7.5 CVSS · 6.9 AI score · 0.0002 EPSS
Exploits 1 · References 2

CVE
added 2023/08/18 12:57 p.m. · 39 views

CVE-2023-31228

CVE-2023-31228 affects the CreativeMindsSolutions CM On Demand Search And Replace plugin for WordPress, specifically versions

5.9 CVSS · 5 AI score · 0.00079 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/08/18 12:0 a.m. · 1 views

WordPress plugin CM On Demand Search And Replace Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9 CVSS · 6.4 AI score · 0.00079 EPSS
Exploits 0 · References 2

OSV
added 2023/08/17 7:15 a.m. · 1 views

CVE-2023-40252

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2023/08/17 7:15 a.m. · 11 views

Code injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

7.5 CVSS · 9.5 AI score · 0.00048 EPSS
Exploits 0 · References 1 · Affected Software 2

CVE
added 2023/08/17 6:41 a.m. · 32 views

CVE-2023-40252

The CVE-2023-40252 issue is an improper control of generation of code vulnerability in Genian NAC products (V4.0 from 4.0.0 to 4.0.155; V5.0 from 5.0.0 to 5.0.42; Suite V5.0 from 5.0.0 to 5.0.54; ZTNA from 6.0.0 to 6.0.15). The root cause is Code Injection that allows Replace Trusted Executable, ...

9.8 CVSS · 9.4 AI score · 0.00048 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2023/08/17 6:41 a.m. · 17 views

CVE-2023-40252

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

6 CVSS · 9.8 AI score · 0.00048 EPSS
Exploits 0 · References 1

OpenVAS
added 2023/08/01 12:0 a.m. · 11 views

WordPress Enable Media Replace Plugin < 4.0.0 Path Traversal Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:shortpixel:enablemediareplace"; if description...

4.9 CVSS · 5.3 AI score · 0.00448 EPSS
Exploits 2 · References 1

OpenVAS
added 2023/08/01 12:0 a.m. · 10 views

WordPress Enable Media Replace Plugin < 4.0.2 Arbitrary File Upload Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:shortpixel:enablemediareplace"; if description...

8.8 CVSS · 8.8 AI score · 0.01391 EPSS
Exploits 2 · References 1

OpenVAS
added 2023/07/31 12:0 a.m. · 12 views

WordPress Better Search Replace Plugin < 1.4.1 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...

7.2 CVSS · 7.1 AI score · 0.00566 EPSS
Exploits 2 · References 1