CVE-2024-5823
A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...
PT-2024-38664 · WordPress · Adstxt Plugin
Name of the Vulnerable Software and Affected Versions: adstxt plugin for WordPress, version 1.0.0 Description: The issue is related to the lack of a CSRF check when updating settings in the adstxt plugin for WordPress. This could allow attackers to make a logged-in admin change settings via ...
WordPress plugin blogintroduction-wordpress-plugin security vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that supports hosting personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability...
CVE-2024-39300
A missing-authentication vulnerability exists in the Telnet function of WAB-I1750-PS v1.5.10 and earlier. When the Telnet function of the product is enabled, a remote attacker may log in to the product without authentication and alter the product's settings...
A vulnerability in the firmware of the ASUS RT-N12+ B1 router, related to the storage of passwords in unencrypted form, allows an intruder to gain unauthorized access to protected information.
A vulnerability in the firmware of the ASUS RT-N12+ B1 router is related to deficiencies in the protection of credentials. Exploiting this vulnerability can allow an intruder to gain unauthorized access and alter the router's settings...
WordPress WP Prayer II plugin <= 2.4.7 - CSRF Leading to Plugin Settings Change vulnerability
CSRF Leading to Plugin Settings Change vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer II versions <= 2.4.7...
Multiple vulnerabilities in home gateway HGW BL1500HM
Overview Home gateway HGW BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Use of weak credentials (CWE-1391): CVE-2024-21865, CVE-2024-29071. Command injection (CWE-77): CVE-2024-28041. Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC...
CVE-2023-50250
Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templatesimport.php...
Security vulnerability in multiple CBC AMERICA products
The CBC AMERICA DR series and CBC AMERICA NR series are digital video recorders from CBC AMERICA. A security vulnerability exists in a number of CBC AMERICA products. The vulnerability stems from the presence of undocumented (hidden) functionality, which can be exploited by a remote attacker to execute...
Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
Overview WordPress Plugin "TS Webfonts for SAKURA" provided by SAKURA internet Inc. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79): CVE-2023-32624. Cross-site request forgery (CWE-352): CVE-2023-32625. SAKURA internet Inc. reported these vulnerabilities to IPA to notify...
PT-2023-3292 · Teamviewer · Teamviewer Remote
Name of the Vulnerable Software and Affected Versions: TeamViewer Remote versions 15.41 through 15.42.7 Description: The issue is related to an improper authorization check of local device settings in TeamViewer Remote, allowing an unprivileged user to change basic local device settings even thou...
CVE-2023-30764
An OS command injection vulnerability exists in the KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...
CVE-2023-30766
A hidden functionality issue exists in the KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...
CVE-2021-4348
The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the exportsettings & importsettings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks suc...
PT-2023-11839 · WordPress · Wp Gdpr
Name of the Vulnerable Software and Affected Versions: WP GDPR plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to authorization bypass due to a missing capability check. This allows unauthenticated attackers to delete any comment and modify the plugin's...
CVE-2023-2301
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...
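Several of the WordPress entries above (the adstxt plugin, WP Prayer II, Ultimate GDPR & CCPA, WP GDPR, and Contact Form Builder by vcita) share one root cause: a settings handler that is reachable without a nonce check, a capability check, or both. The following is an added illustration of that pattern and its fix; it is not code from any plugin named on this page. The hook names, option name, nonce action and function names (example_save_settings_*, example_plugin_settings, _example_nonce) are invented for the example; the WordPress API calls (add_action, update_option, current_user_can, check_admin_referer, wp_nonce_field, sanitize_textarea_field) are the real core functions.

```php
<?php
/**
 * Hypothetical WordPress plugin settings handler, shown first in the vulnerable
 * form the advisories describe and then in a hardened form. Not code from any
 * real plugin; all example_* names and the option/nonce names are invented.
 */

// --- Vulnerable form -------------------------------------------------------
// Registered on both admin_post_nopriv_* (any visitor) and admin_post_* (any
// logged-in user), with no capability check and no nonce check. A forged POST
// from an attacker-controlled page, submitted by a logged-in admin's browser,
// overwrites the option; on the nopriv hook no login is needed at all.
add_action( 'admin_post_nopriv_example_save_settings', 'example_save_settings_vulnerable' );
add_action( 'admin_post_example_save_settings',        'example_save_settings_vulnerable' );

function example_save_settings_vulnerable() {
    update_option( 'example_plugin_settings', $_POST['settings'] ?? array() );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin' ) );
    exit;
}

// --- Hardened form ---------------------------------------------------------
// 1. No admin_post_nopriv_ hook: unauthenticated requests never reach it.
// 2. current_user_can() enforces authorization (the missing-capability case).
// 3. check_admin_referer() validates the per-user, per-action nonce (the CSRF
//    case) and calls wp_die() on failure.
// 4. Input is sanitized to a fixed shape before it is stored.
add_action( 'admin_post_example_save_settings_v2', 'example_save_settings_hardened' );

function example_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // The action string must match the one passed to wp_nonce_field() below.
    check_admin_referer( 'example_save_settings_v2', '_example_nonce' );

    $raw      = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) ? $_POST['settings'] : array();
    $settings = array(
        'ads_txt' => sanitize_textarea_field( $raw['ads_txt'] ?? '' ),
        'enabled' => ! empty( $raw['enabled'] ) ? 1 : 0,
    );
    update_option( 'example_plugin_settings', $settings );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin&updated=1' ) );
    exit;
}

// Settings form that posts to the hardened handler. wp_nonce_field() emits the
// hidden _example_nonce field (plus a referer field) that check_admin_referer()
// verifies; a third-party page cannot obtain a valid nonce for the victim.
function example_render_settings_form() {
    $opts = get_option( 'example_plugin_settings', array( 'ads_txt' => '', 'enabled' => 0 ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings_v2">
        <?php wp_nonce_field( 'example_save_settings_v2', '_example_nonce' ); ?>
        <textarea name="settings[ads_txt]"><?php echo esc_textarea( $opts['ads_txt'] ); ?></textarea>
        <label>
            <input type="checkbox" name="settings[enabled]" value="1" <?php checked( $opts['enabled'], 1 ); ?>>
            Enabled
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this class of bug, look for every admin_post_*, admin_post_nopriv_*, wp_ajax_*, wp_ajax_nopriv_* and admin_init callback that ends in update_option(), delete_option() or a similar write, and confirm that both a capability check and a nonce check sit on the path before the write. A nonce check alone does not close the unauthenticated settings-import case, and a capability check alone does not stop a logged-in admin's browser from being driven by a forged request.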