Lucene search
K

121 matches found

Prion
Prion
added 2023/12/01 2:15 p.m.19 views

Design/Logic Flaw

Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...

2.1CVSS6.9AI score0.0014EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/01 2:1 p.m.56 views

CVE-2023-28896

The CVE-2023-28896 entry describes a vulnerability in the Modular Infotainment Platform 3 (MIB3) UDS on Škoda Superb III (3V3) 2.0 TDI (2022). The issue allows an attacker with physical access to decode UDS data transmitted over the CAN bus, indicating weak or insufficient protection of the diagn...

3.3CVSS3.7AI score0.0014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/01 2:1 p.m.26 views

CVE-2023-28896 Weak encoding for password in UDS services

Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...

3.3CVSS4.2AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/01 1:41 p.m.31 views

CVE-2023-28895 Hard-coded password for access to power controller chip memory

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

3.5CVSS7AI score0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/01 1:41 p.m.16 views

CVE-2023-28895 Hard-coded password for access to power controller chip memory

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

3.5CVSS7.1AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2023/12/01 1:41 p.m.60 views

CVE-2023-28895

The CVE-2023-28895 entry concerns Škoda MIB3 infotainment’s PoWer Controller (PWC) with a hard-coded password in the firmware. This allows an attacker with physical access to gain full control of the PWC chip on Škoda Superb III (3V3) 2.0 TDI (2022). Connected documents confirm the hardware/softw...

6.8CVSS4.9AI score0.00313EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.4 views

PT-2023-22036 · Volkswagen · Modular Infotainment Platform 3

Name of the Vulnerable Software and Affected Versions: Modular Infotainment Platform 3 MIB3 affected versions not specified Description: Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus ...

3.3CVSS6.7AI score0.0014EPSS
Exploits0References6
Prion
Prion
added 2023/11/10 2:15 p.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin = 1.1.3 versions...

6.8CVSS7.5AI score0.00312EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/10 12:0 a.m.4 views

WordPress Plugin Superb Social Media Share Buttons and Follow Buttons for WordPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS6.3AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2023/10/31 9:15 a.m.23 views

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.7AI score0.00797EPSS
Exploits1References3
Prion
Prion
added 2023/10/31 9:15 a.m.19 views

Sql injection

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.00797EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 8:32 a.m.9 views

CVE-2023-5434 Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS6.9AI score0.00797EPSS
Exploits1References3
CVE
CVE
added 2023/10/31 8:32 a.m.104 views

CVE-2023-5434

CVE-2023-5434 — SQL Injection in the WordPress plugin Superb slideshow gallery (

8.8CVSS6.7AI score0.00797EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/10/31 8:32 a.m.29 views

CVE-2023-5434 Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.8AI score0.00797EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.4 views

WordPress Plugin Superb slideshow gallery SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS7.7AI score0.00797EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.6 views

PT-2023-32103 · WordPress · Superb Slideshow Gallery Plugin

Name of the Vulnerable Software and Affected Versions: Superb slideshow gallery plugin for WordPress versions up to, and including, 13.1 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the...

8.8CVSS7.3AI score0.00797EPSS
Exploits1References6
Patchstack
Patchstack
added 2023/10/30 12:0 a.m.20 views

WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection

Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...

8.8CVSS6.8AI score0.00797EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2016/07/27 12:0 a.m.10 views

WordPress Superb Slideshow Plugin - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.8AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:11 a.m.14 views

Logo Quiz Superb - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Logo Quiz Superb published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:30 a.m.44 views

SuperB Cleaner (Boost & Clean) - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application SuperB Cleaner Boost & Clean published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder