Source: CNNVD · added 2023/11/02

Company Website CMS code issue vulnerability

Company Website CMS is a company website CMS. A file upload vulnerability exists in Company Website CMS v1.0. The vulnerability stems from the application's lack of validation of uploaded files. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary co...

CVSS 7.2 · AI score 7.4 · EPSS 0.00062 · Exploits: 1 · References: 4

Source: BDU FSTEC · added 2023/09/26

The vulnerability in the web interface of the Progress MOVEit Transfer software for processing and transmitting confidential data lies in the lack of validation of XML object sequences, allowing an intruder to gain unauthorized access to the MOVEit Transfer database.

The vulnerability in the web interface of the Progress MOVEit Transfer software for processing and transmitting confidential data is related to missing validation of XML objects. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access...

CVSS 9 · AI score 7.1 · EPSS 0.00468 · Exploits: 0 · References: 4 · Affected software: 1

Source: Positive Technologies · added 2023/09/11

PT-2023-23421 · Tagdiv · Tagdiv Composer

Name of the vulnerable software and affected versions: tagDiv Composer WordPress plugin, versions prior to 4.2. Description: The issue allows users with Admin privileges to perform stored cross-site scripting attacks, even when the unfiltered_html capability is disallowed, such as in a multisite...

CVSS 4.8 · AI score 8.3 · EPSS 0.00172 · Exploits: 2 · References: 6

Source: CNNVD · added 2023/09/07

ASUS RT-AX56U format string vulnerability

The ASUS RT-AX56U is a wireless router from ASUS. The RT-AX56U suffers from a format string vulnerability in its setiperf3svr.cgi module, which stems from a lack of validation of specific values passed to that module...

CVSS 7.2 · AI score 6.8 · EPSS 0.04596 · Exploits: 0 · References: 2

Source: Positive Technologies · added 2023/08/17

PT-2023-4495 · Pdf Xchange · Pdf-Xchange Editor

Name of the vulnerable software and affected versions: PDF-XChange Editor, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, in that the target must...

CVSS 7.8 · AI score 7.1 · EPSS 0.00646 · Exploits: 0 · References: 5

Source: CNNVD · added 2023/08/03

Total CMS code issue vulnerability

Total CMS is an online editing solution from Total CMS Open Source. A file upload vulnerability exists in Total CMS version 1.7.4, which stems from the edit page feature's lack of validation of uploaded files. The vulnerability can be exploited to remotely execute arbitrary code by uploading...

CVSS 8.8 · AI score 7.8 · EPSS 0.49523 · Exploits: 1 · References: 4

Source: RedHat Linux · added 2023/06/27 6:52 p.m.

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client, or possibly gain unauthorized acce...

CVSS 8.1 · AI score 5.9 · EPSS 0.00112 · Exploits: 0 · References: 4

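The binding the Keycloak entry describes as missing is between the device_code a client obtained and the client_id that later redeems it. The following is an added illustration written for this page, not Keycloak code; the in-memory store, the error names and the code formats are the author's own, and the RFC 8628 flow is simplified to the three endpoints that matter (device authorization, consent screen, token).

```python
"""Device-authorization-grant bookkeeping with the client binding enforced.
Added illustration, not Keycloak code; names and formats are assumptions."""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


class GrantError(Exception):
    """Carries the RFC 8628 / RFC 6749 error code a token endpoint would return."""
    def __init__(self, error: str):
        super().__init__(error)
        self.error = error


@dataclass
class DeviceGrant:
    client_id: str          # client the codes were issued to: the binding to enforce
    device_code: str
    user_code: str
    expires_at: float
    approved: bool = False
    approved_by: str = ""
    redeemed: bool = False


class DeviceGrantStore:
    def __init__(self, ttl_seconds: int = 600):
        self.ttl = ttl_seconds
        self.by_device_code: Dict[str, DeviceGrant] = {}
        self.by_user_code: Dict[str, DeviceGrant] = {}

    def authorize(self, client_id: str, now: Optional[float] = None) -> DeviceGrant:
        """Device authorization request: mint codes and record the requesting client."""
        now = time.time() if now is None else now
        grant = DeviceGrant(client_id, secrets.token_urlsafe(32),
                            secrets.token_hex(4).upper(), now + self.ttl)
        self.by_device_code[grant.device_code] = grant
        self.by_user_code[grant.user_code] = grant
        return grant

    def consent_screen_client(self, user_code: str) -> str:
        """The client name shown to the approving admin comes from the grant the
        user_code maps to, never from a parameter the requesting client supplies."""
        grant = self.by_user_code.get(user_code)
        if grant is None:
            raise GrantError("invalid_grant")
        return grant.client_id

    def approve(self, user_code: str, admin: str) -> None:
        grant = self.by_user_code.get(user_code)
        if grant is None:
            raise GrantError("invalid_grant")
        grant.approved, grant.approved_by = True, admin

    def token_unbound(self, device_code: str, client_id: str) -> dict:
        """The defect: look the grant up by device_code alone and issue a token to
        whichever client_id the poller claims, so consent given to one client is
        collected by another."""
        grant = self.by_device_code.get(device_code)
        if grant is None or not grant.approved:
            raise GrantError("authorization_pending")
        return {"access_token": secrets.token_urlsafe(32), "client_id": client_id}

    def token(self, device_code: str, client_id: str, now: Optional[float] = None) -> dict:
        """Token request with device_code bound to the client that obtained it."""
        now = time.time() if now is None else now
        grant = self.by_device_code.get(device_code)
        if grant is None or grant.client_id != client_id or grant.redeemed:
            raise GrantError("invalid_grant")      # unknown, wrong client, or reused
        if now > grant.expires_at:
            raise GrantError("expired_token")
        if not grant.approved:
            raise GrantError("authorization_pending")
        grant.redeemed = True
        return {"access_token": secrets.token_urlsafe(32),
                "client_id": grant.client_id, "granted_by": grant.approved_by}
```

The check that matters is the single comparison `grant.client_id != client_id` in `token()`: with it, a device_code minted for one client is worthless to any other, and the consent screen can only ever name the client that will receive the token. Single use and expiry are the other two properties RFC 8628 expects of a device_code.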
Source: BDU FSTEC · added 2023/05/31

A vulnerability in the user_list_backend.php script of the Piwigo content management system allows attackers to carry out SQL injection attacks.

The vulnerability in the user_list_backend.php script of the Piwigo content management system is related to missing validation of the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to carry out SQL injection attacks...

CVSS 9 · AI score 7.7 · EPSS 0.00453 · Exploits: 1 · References: 3 · Affected software: 1

Source: Positive Technologies · added 2023/05/23

PT-2023-2951 · Cscape · Cscape Envision Rv +1

Name of the vulnerable software and affected versions: Cscape EnvisionRV, affected versions not specified; Cscape, affected versions not specified. Description: The issue is related to a lack of proper validation of user-supplied data when parsing font files, such as FNT. This can lead to an...

CVSS 7.8 · AI score 7.8 · EPSS 0.00062 · Exploits: 0 · References: 6

Source: Positive Technologies · added 2023/05/23

PT-2023-2950 · Horner Automation · Horner Automation Cscape Envisionrv +1

Name of the vulnerable software and affected versions: Horner Automation Cscape EnvisionRV, affected versions not specified; Cscape, affected versions not specified. Description: The issue is related to a lack of proper validation of user-supplied data when parsing project files, such as CSP. This ca...

CVSS 7.8 · AI score 7.6 · EPSS 0.00073 · Exploits: 0 · References: 6

Source: OSV · added 2023/05/22 8:15 p.m.

CVE-2023-28649

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but do...

CVSS 7.5 · AI score 7.4 · EPSS 0.00043 · Exploits: 0 · References: 2

Source: OSV · added 2023/04/27 10:15 p.m.

CVE-2023-1967

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid...

CVSS 9.8 · AI score 7.3 · Exploits: 0 · References: 1

Source: OSV · added 2023/04/05 7:15 p.m.

CVE-2023-0670

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...

CVSS 7.2 · AI score 6.4 · EPSS 0.01788 · Exploits: 0 · References: 1

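Three entries on this page (Company Website CMS, Total CMS and Ulearn) share one defect: the server keeps whatever the client uploads, under the client's name, on the strength of the client's own Content-Type. The following is an added illustration of the vulnerable decision beside a hardened one. It is not code from any of those projects; the signature table, the size cap and the function names are the author's assumptions.

```python
"""Upload acceptance: trust-the-client versus decide-from-the-bytes.
Added illustration, not code from any CMS listed above."""
import os
import secrets

MAX_UPLOAD_BYTES = 5 * 1024 * 1024          # assumed size cap for this example

# Leading-byte signatures of the image formats this example is willing to store.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Client extensions that are acceptable, normalised to the stored extension.
ALLOWED_EXT = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif"}


def sniff_image(data: bytes):
    """Decide the type from the bytes, never from headers the client controls."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def vulnerable_accept(filename: str, content_type: str, data: bytes) -> bool:
    """The pattern behind the entries above: believe the client's Content-Type and
    keep the client's filename.  'shell.php' sent as image/png is accepted and
    lands on disk under a name the web server will hand to the PHP interpreter."""
    return content_type.startswith("image/")


def hardened_accept(filename: str, content_type: str, data: bytes):
    """Return a server-chosen filename if the upload is acceptable, else None.

    The client's name and Content-Type are consulted only to reject inconsistent
    uploads; neither influences what is written to disk."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        return None
    sniffed = sniff_image(data)
    if sniffed is None:
        return None                     # not one of the formats we store
    # Only the final extension of the basename is looked at, case-folded.
    base = os.path.basename(filename.replace("\\", "/"))
    client_ext = ALLOWED_EXT.get(os.path.splitext(base)[1].lstrip(".").lower())
    if client_ext != sniffed:
        return None                     # no extension, .php, or '.png' whose bytes say GIF
    # Random name plus the sniffed extension: 'x.php.png', '.htaccess', path
    # separators or NUL bytes in the original name can never reach the filesystem.
    return f"{secrets.token_hex(16)}.{sniffed}"
```

A magic-byte check on its own is not sufficient: a valid PNG with `<?php ... ?>` appended still sniffs as a PNG. What stops that polyglot from executing is the rest of the design, a server-generated name with a non-script extension, an upload directory where script execution is disabled, and serving uploads with `X-Content-Type-Options: nosniff`.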
Source: SUSE CVE · added 2023/02/15 5:53 a.m.

SUSE CVE-2011-1923

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

CVSS 4 · AI score 6.5 · EPSS 0.00357 · Exploits: 0 · References: 4

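The "public parameter" in the CVE-2011-1923 entry is the peer's Diffie-Hellman public value. If an implementation accepts any integer off the wire, an active attacker can replace the peer's value with 1 (or 0, or p-1), after which the "shared secret" takes one of at most two values the attacker already knows. The following is an added illustration of the unchecked computation beside the range and subgroup check that rejects such values. It is not PolarSSL code; the function names are the author's own, and the group is a deliberately tiny toy (p = 23, q = 11, g = 4) so the arithmetic can be followed by hand, where real deployments use 2048-bit or larger groups.

```python
"""Diffie-Hellman peer public value validation.  Added illustration of the
CVE-2011-1923 class of bug, not PolarSSL code; toy group for readability."""
from typing import Optional

# Toy safe-prime group: p = 2q + 1 with q prime, g of order q.
P, Q, G = 23, 11, 4


def dh_public(private: int, p: int = P, g: int = G) -> int:
    return pow(g, private, p)


def shared_secret_unchecked(peer_public: int, private: int, p: int = P) -> int:
    """The pre-fix behaviour: exponentiate whatever value arrived on the wire."""
    return pow(peer_public, private, p)


def check_dh_public(peer_public: int, p: int = P, q: Optional[int] = Q) -> None:
    """Reject public values that collapse the shared secret.

    Y in {0, 1, p-1} (and anything outside [2, p-2]) makes Y^x mod p take one
    of at most two values, so a man-in-the-middle who substitutes such a Y knows
    the 'secret' without solving any discrete logarithm.  When the subgroup
    order q is known, Y^q mod p == 1 additionally rejects small-order elements."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError(f"DH public value {peer_public} out of range [2, p-2]")
    if q is not None and pow(peer_public, q, p) != 1:
        raise ValueError(f"DH public value {peer_public} not in the order-{q} subgroup")


def shared_secret_checked(peer_public: int, private: int,
                          p: int = P, q: Optional[int] = Q) -> int:
    check_dh_public(peer_public, p, q)
    return pow(peer_public, private, p)


def mitm_demo() -> dict:
    """Alice and Bob exchange honestly; then Mallory replaces Bob's value with 1."""
    a, b = 6, 15                                  # constructed private exponents
    A, B = dh_public(a), dh_public(b)
    honest = shared_secret_unchecked(B, a)
    assert honest == shared_secret_unchecked(A, b)
    forced = shared_secret_unchecked(1, a)        # unchecked: Alice derives 1
    try:
        shared_secret_checked(1, a)
        blocked = False
    except ValueError:
        blocked = True
    return {"honest": honest, "forced": forced, "blocked": blocked}
```

With the toy parameters Alice's public value is 4^6 mod 23 = 2, Bob's is 4^15 mod 23 = 3, and the honest secret is 16; the substituted value 1 forces Alice to derive 1, which `check_dh_public` refuses before any exponentiation happens.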
Source: SUSE CVE · added 2023/02/15 3:25 a.m.

SUSE CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute, which could permit unprivileged users to write it...

CVSS 4.3 · AI score 6.9 · EPSS 0.01153 · Exploits: 1 · References: 12

Source: CNNVD · added 2023/02/15

Adobe After Effects buffer error vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that...

CVSS 5.5 · AI score 6.6 · EPSS 0.00167 · Exploits: 0 · References: 3

Source: OSV · added 2023/02/13 3:15 p.m.

CVE-2023-0169

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform stored cross-site scripting attacks...

CVSS 5.4 · AI score 6.1 · Exploits: 0 · References: 1

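Both stored-XSS entries on this page (tagDiv Composer above, Zoho Forms here) come down to a shortcode attribute that is written back into HTML without escaping for the context it lands in. The following is an added illustration, not code from either plugin or from WordPress: a small parser for a simplified shortcode grammar of the author's own, the vulnerable string-concatenation renderer, and a hardened renderer that attribute-escapes every value and allowlists URL schemes for `link`. The attribute names and the output markup are assumptions for the example.

```python
"""Shortcode attribute rendering: concatenation versus context-aware escaping.
Added illustration; the grammar and attribute names are the author's own."""
import html
import re
from urllib.parse import urlsplit

# [name attr="value" attr='value'] with double- or single-quoted values.
SHORTCODE_RE = re.compile(r"""\[(\w+)((?:\s+\w+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*\]""")
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
ALLOWED_ATTRS = {"id", "title", "link"}      # everything else is dropped
SAFE_SCHEMES = {"http", "https"}


def parse_shortcode(text: str):
    """Return [(name, {attr: value}), ...] for every shortcode in text."""
    found = []
    for m in SHORTCODE_RE.finditer(text):
        attrs = {}
        for a in ATTR_RE.finditer(m.group(2)):
            attrs[a.group(1).lower()] = a.group(2) if a.group(2) is not None else a.group(3)
        found.append((m.group(1), attrs))
    return found


def render_vulnerable(name: str, attrs: dict) -> str:
    """The defect: attribute values are dropped straight into HTML, so a value
    containing a double quote closes the attribute and starts a new one."""
    return (f'<a href="{attrs.get("link", "")}" title="{attrs.get("title", "")}">'
            f'{attrs.get("id", "")}</a>')


def safe_url(url: str) -> str:
    """Allowlist the scheme; javascript:, data: and friends become empty."""
    parts = urlsplit(url.strip())
    return url if parts.scheme.lower() in SAFE_SCHEMES else ""


def render_hardened(name: str, attrs: dict) -> str:
    """Escape for the attribute context (quote=True turns " into &quot;) and
    validate the URL before escaping it, so neither a quote nor a scheme smuggles
    an event handler or script into the page."""
    clean = {k: v for k, v in attrs.items() if k in ALLOWED_ATTRS}
    link = html.escape(safe_url(clean.get("link", "")), quote=True)
    title = html.escape(clean.get("title", ""), quote=True)
    ident = html.escape(clean.get("id", ""), quote=True)
    return f'<a href="{link}" title="{title}">{ident}</a>'


def render(text: str) -> str:
    """Replace every shortcode in a post body with its hardened rendering."""
    def repl(m):
        name, attrs = parse_shortcode(m.group(0))[0]
        return render_hardened(name, attrs)
    return SHORTCODE_RE.sub(repl, text)
```

Escaping is decided by where the value lands, not by who saved it: the tagDiv entry is the reminder that "trusted" roles are not a substitute, since on a multisite the platform explicitly withholds unfiltered_html from site admins and the plugin has to honour that on output.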
Source: Veracode · added 2023/02/09 6:27 a.m.

Cross-Site Request Forgery (CSRF)

xxl-job is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to a lack of validation in updatePwd, which allows an attacker to modify any user's password...

CVSS 6.5 · AI score 6.1 · EPSS 0.00111 · Exploits: 1 · References: 4 · Affected software: 1

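A password-change handler that is authenticated only by the session cookie can be driven by a form on any site the victim visits, which is the xxl-job updatePwd defect in one sentence. The following is an added illustration, not xxl-job code: the unprotected handler beside one that requires a session-bound synchronizer token, checks the Origin header and demands the current password. The request dictionary, the trusted origin and the plaintext user store are the author's assumptions for the example; a real application verifies a password hash there.

```python
"""CSRF protection for a password-change endpoint.
Added illustration, not xxl-job code; request model and names are assumptions."""
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)            # server-side key, assumed per deployment
TRUSTED_ORIGIN = "https://jobs.example"     # assumed origin of the admin UI


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: nonce.HMAC(secret, session:nonce).
    Stateless on the server; a token lifted from another session will not verify."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token, session_id: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False                        # missing or malformed token
    expected = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def update_pwd_vulnerable(request: dict, users: dict) -> bool:
    """The defect: the cookie proves who the browser belongs to, nothing proves
    the user meant to send this request.  An auto-submitting form on an
    attacker's page changes the victim's password."""
    users[request["session_user"]] = request["form"]["password"]
    return True


def update_pwd(request: dict, users: dict, trusted_origin: str = TRUSTED_ORIGIN) -> bool:
    """Reject unless the request is a POST from our origin, carries a token
    bound to this session, and proves knowledge of the current password."""
    if request.get("method") != "POST":
        return False
    headers, form, user = request["headers"], request["form"], request["session_user"]
    origin = headers.get("Origin") or headers.get("Referer")
    if origin and not origin.startswith(trusted_origin + "/") and origin != trusted_origin:
        return False                        # browsers send Origin on cross-site POSTs
    if not verify_csrf_token(form.get("csrf_token"), request["session_id"]):
        return False
    # Re-authentication: even with a stolen token the attacker must know the old password.
    if not hmac.compare_digest(form.get("old_password", ""), users.get(user, "")):
        return False
    users[user] = form["password"]
    return True
```

The three checks are layered deliberately: the Origin check fails open when the header is absent (some proxies strip it), the token is the control that actually decides, and the old-password requirement limits the damage if either of the first two is bypassed.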
Source: CNNVD · added 2023/02/07

WordPress plugin Wicked Folders cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.4 · AI score 6.1 · EPSS 0.00094 · Exploits: 0 · References: 4

Source: OSV · added 2023/01/26 6:59 p.m.

CVE-2022-42418

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8 · AI score 6.2 · EPSS 0.01577 · Exploits: 0 · References: 2
