121 matches found
Design/Logic Flaw
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28896
The CVE-2023-28896 entry describes a vulnerability in the Modular Infotainment Platform 3 (MIB3) UDS on Škoda Superb III (3V3) 2.0 TDI (2022). The issue allows an attacker with physical access to decode UDS data transmitted over the CAN bus, indicating weak or insufficient protection of the diagn...
CVE-2023-28896 Weak encoding for password in UDS services
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28895 Hard-coded password for access to power controller chip memory
The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...
CVE-2023-28895 Hard-coded password for access to power controller chip memory
The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...
CVE-2023-28895
The CVE-2023-28895 entry concerns Škoda MIB3 infotainment’s PoWer Controller (PWC) with a hard-coded password in the firmware. This allows an attacker with physical access to gain full control of the PWC chip on Škoda Superb III (3V3) 2.0 TDI (2022). Connected documents confirm the hardware/softw...
PT-2023-22036 · Volkswagen · Modular Infotainment Platform 3
Name of the Vulnerable Software and Affected Versions: Modular Infotainment Platform 3 MIB3 affected versions not specified Description: Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus ...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin = 1.1.3 versions...
WordPress Plugin Superb Social Media Share Buttons and Follow Buttons for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-5434
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sql injection
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5434 Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5434
CVE-2023-5434 — SQL Injection in the WordPress plugin Superb slideshow gallery (
CVE-2023-5434 Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Plugin Superb slideshow gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2023-32103 · WordPress · Superb Slideshow Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Superb slideshow gallery plugin for WordPress versions up to, and including, 13.1 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the...
WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection
Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...
WordPress Superb Slideshow Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Logo Quiz Superb - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Logo Quiz Superb published at the 'play' market has multiple vulnerabilities...
SuperB Cleaner (Boost & Clean) - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application SuperB Cleaner Boost & Clean published at the 'play' market has multiple vulnerabilities...