CVE-2024-0298

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The...

Command injection

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...

WordPress Plugin Ovic Responsive WPBakery Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Ovic Responsive...

CVE-2023-52124 WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0...

CVE-2023-6493

The Depicter Slider WordPress plugin (Averta Depicter Slider) is vulnerable to Cross-Site Request Forgery in all versions up to 2.0.6 due to missing/incorrect nonce validation on the save function. Unauthenticated attackers can modify plugin settings by tricking an administrator into performing a...

WP Tabs < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Tabs – Responsive Tabs Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

Sql injection

A vulnerability classified as critical was found in S-CMS up to 2.0build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the publ...

CVE-2023-7185

A vulnerability was found in 7-card Fakabao up to 1.0build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpaynotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used...

Sql injection

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJIDSTR leads to sql injection. The exploit has been disclosed to the...

CVE-2023-7091

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to...

Out-of-bounds

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to...

CVE-2023-6077 Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

WordPress Responsive Lightbox & Gallery Plugin < 2.4.6 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dfactory:responsivelightbox"; ifdescription...

Cross site request forgery (csrf)

A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument adminname leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the...

CVE-2023-6904 Jahastech NxFilter config,admin.jsp cross-site request forgery

A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument adminname leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the...

CVE-2023-49174

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5...

CVE-2023-49174

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5...

CVE-2023-49174 WordPress Responsive Lightbox Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5...

CVE-2023-49174

CVE-2023-49174 concerns the WordPress plugin Responsive Lightbox & Gallery (dFactory) and is a cross-site scripting (XSS) vulnerability caused by improper input neutralization during web page generation. The issue is a Stored XSS affecting plugin versions 2.4.5 and earlier. Public sources explici...