PT-2023-23979 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5; Splunk Enterprise versions prior to 8.2.11; Splunk Enterprise versions prior to 8.1.14; Splunk Cloud Platform versions prior to 9.0.2303.100. Description: A low-privileged user can perform an unauthorize...
mipjz Cross-Site Scripting Vulnerability
mipjz is a Baidu Mobile Accelerator (MIP)-based content management system from the individual developer sansanyun. A security vulnerability exists in mipjz version v5.0.5, which stems from a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or...
Cityboss E-municipality SQL Injection Vulnerability
Cityboss E-municipality is an e-municipality application from Cityboss, Inc. An SQL injection vulnerability exists in Cityboss E-municipality versions prior to 6.05, which stems from improper neutralization of the particular element used...
CVE-2023-25309
Cross Site Scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL to the delete a feature functionality...
WordPress plugin Avirato hotels online booking engine SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
SAP HCM Travel Management Code Issue Vulnerability
SAP HCM Travel Management is a travel management module from SAP, Germany. A code issue vulnerability exists in SAP HCM Travel Management version 605, which stems from a failure to perform required authorization checks on users...
WordPress Plugin Multi Rating Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2022-31405
MV iDigital Clinic Enterprise iDCE 1.0 stores passwords in cleartext...
modoboa Cross-Site Scripting Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.0.5. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
SUSE CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c...
SUSE CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
SUSE CVE-2021-28275
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a crafted file...
PT-2023-13378 · Dell · Solution Enabler Vapp +2
Name of the Vulnerable Software and Affected Versions: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp versions 10.0.0.5 and below Description: The issue allows users to perform actions for which they are not authorized due to an authorization bypass...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 6.6.6, 7.x through 7.0.5, and 7.1.x through 7.1....
PT-2023-9268 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5 Description: The issue is related to Cross-site Scripting, where an administrator can store malicious code in help links. This can be exploited by a remote attacker to save arbitrary code in the help links...
PT-2023-18551 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5 Description: The issue allows unauthorized access to inventory files. If anonymous access to FAQ is allowed, inventory files become accessible by unauthenticated users. Recommendations: For GLPI versions...
WordPress plugin WP Attachments Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-20503
creationtimestamp | type | source
---|---|---
2022-12-16 18:37:40+00:00 | seen | https://t.me/cibsecurity/54739...
PT-2022-24569 · WordPress · The Car Dealer (Dealership)/Vehicle Sales Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Car Dealer Dealership and Vehicle sales WordPress Plugin versions prior to 3.05 Description: The issue is related to improper authorization and CSRF in an AJAX action. This allows any authenticated users, such as subscribers, to call the...
Tenda AC6 Security Vulnerability
Tenda AC6 is a wireless router from Tenda, China. A security vulnerability exists in Tenda AC6V1.0 V15.03.05.19, which originates from a buffer overflow vulnerability via the limitSpeedUp parameter in the formSetClientState function...