Les dernières vulnérabilités publiées sur la National Vulnerability Database (NVD)

CVE-2023-6226 - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6226
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6225 - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6225
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49075 - The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49075
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48713 - Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48713
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32065 - OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32065
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32064 - OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32064
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32063 - OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32063
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6219 - The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6219
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5960 - An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5960
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5797 - An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator's logs on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5797
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5650 - An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5650
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4398 - An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4398
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4397 - A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4397
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47503 - An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47503
Partager : LinkedIn / Twitter / Facebook

CVE-2023-37926 - A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-37926
Partager : LinkedIn / Twitter / Facebook

CVE-2023-37925 - An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-37925
Partager : LinkedIn / Twitter / Facebook

CVE-2023-35139 - A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-35139
Partager : LinkedIn / Twitter / Facebook

CVE-2023-35136 - An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-35136
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30585 - A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or "non-privileged") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged "msiexec.exe" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30585
Partager : LinkedIn / Twitter / Facebook

CVE-2024-0070 - Rejected reason: This CVE ID was unused by the CNA.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2024-0070
Partager : LinkedIn / Twitter / Facebook

CVE-2024-0069 - Rejected reason: This CVE ID was unused by the CNA.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2024-0069
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47437 - A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47437
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29770 - In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29770
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48188 - SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48188
Partager : LinkedIn / Twitter / Facebook

CVE-2023-46480 - An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-46480
Partager : LinkedIn / Twitter / Facebook

CVE-2023-46355 - In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-46355
Partager : LinkedIn / Twitter / Facebook

CVE-2023-46349 - In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-46349
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42366 - A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42366
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42365 - A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42365
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42364 - A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42364
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5885 - The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5885
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5773 - Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5773
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42363 - A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42363
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32062 - OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32062
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49044 - Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49044
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49030 - SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49030
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48034 - An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48034
Partager : LinkedIn / Twitter / Facebook

CVE-2022-41951 - OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-41951
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49316 - In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49316
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6329 - [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6329
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5974 - The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5974
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5958 - The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5958
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5942 - The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5942
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5906 - The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5906
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5845 - The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5845
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5738 - The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5738
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5737 - The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5737
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5653 - The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5653
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5641 - The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5641
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5620 - The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5620
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5611 - The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5611
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5604 - The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5604
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5560 - The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5560
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5559 - The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5559
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5525 - The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5525
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5325 - The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5325
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5239 - The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5239
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5209 - The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5209
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4922 - The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4922
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4642 - The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4642
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4514 - The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4514
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4297 - The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4297
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4252 - The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4252
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49047 - Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49047
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49042 - Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49042
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49040 - An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49040
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49028 - Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49028
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42000 - Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42000
Partager : LinkedIn / Twitter / Facebook

CVE-2023-41999 - An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-41999
Partager : LinkedIn / Twitter / Facebook

CVE-2023-41998 - Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-41998
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2707 - The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2707
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49046 - Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49046
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49043 - Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49043
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49029 - Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49029
Partager : LinkedIn / Twitter / Facebook

CVE-2023-41257 - A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-41257
Partager : LinkedIn / Twitter / Facebook

CVE-2023-40194 - An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-40194
Partager : LinkedIn / Twitter / Facebook

CVE-2023-39542 - A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-39542
Partager : LinkedIn / Twitter / Facebook

CVE-2023-38573 - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-38573
Partager : LinkedIn / Twitter / Facebook

CVE-2023-35985 - An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-35985
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32616 - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32616
Partager : LinkedIn / Twitter / Facebook

CVE-2023-31275 - An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-31275
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6287 - Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6287
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4931 - Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4931
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4590 - Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4590
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5871 - A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5871
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5607 - An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5607
Partager : LinkedIn / Twitter / Facebook

CVE-2023-43701 - Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-43701
Partager : LinkedIn / Twitter / Facebook

CVE-2023-42501 - Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-42501
Partager : LinkedIn / Twitter / Facebook

CVE-2023-40610 - Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-40610
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6254 - A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6254
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6202 - Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6202
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49068 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49068
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48369 - Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48369
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48268 - Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48268
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47168 - Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47168
Partager : LinkedIn / Twitter / Facebook

CVE-2023-45223 - Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-45223
Partager : LinkedIn / Twitter / Facebook

CVE-2023-43754 - Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-43754
Partager : LinkedIn / Twitter / Facebook

CVE-2023-40703 - Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-40703
Partager : LinkedIn / Twitter / Facebook

CVE-2023-35075 - Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-35075
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47865 - Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47865
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2023-49145 - Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
28/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49145
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6299 - A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.2. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6299
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6298 - A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6298
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6297 - A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input alert(document.cookie) leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6297
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6296 - A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq">alert(1)zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6296
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49312 - Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49312
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6293 - Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6293
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6277 - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6277
Partager : LinkedIn / Twitter / Facebook

CVE-2023-49298 - OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-49298
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48708 - CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48708
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48707 - CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48707
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48312 - capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48312
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48712 - Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48712
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48711 - google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-48711
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6276 - A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6276
Partager : LinkedIn / Twitter / Facebook

CVE-2023-6265 - Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-6265
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47791 - Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47791
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47785 - Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47785
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47775 - Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47775
Partager : LinkedIn / Twitter / Facebook

CVE-2023-39925 - Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-39925
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47765 - Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47765
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47758 - Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47758
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47251 - In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47251
Partager : LinkedIn / Twitter / Facebook

CVE-2023-47250 - In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-47250
Partager : LinkedIn / Twitter / Facebook

CVE-2023-25987 - Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uroševi? My YouTube Channel plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-25987
Partager : LinkedIn / Twitter / Facebook

CVE-2023-25986 - Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen – Ancienne version plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-25986
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5742 - The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5742
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5419 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5419
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5417 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5417
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5416 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5416
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5415 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5415
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5411 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5411
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5387 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5387
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5386 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5386
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5385 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5385
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5383 - The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5383
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5382 - The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5382
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5338 - The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5338
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5314 - The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5314
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5163 - The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5163
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5128 - The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5128
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5096 - The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5096
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5048 - The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-5048
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4726 - The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4726
Partager : LinkedIn / Twitter / Facebook

CVE-2023-4686 - The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-4686
Partager : LinkedIn / Twitter / Facebook

CVE-2023-27451 - Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-27451
Partager : LinkedIn / Twitter / Facebook

CVE-2023-27446 - Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-27446
Partager : LinkedIn / Twitter / Facebook

CVE-2023-27444 - Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-27444
Partager : LinkedIn / Twitter / Facebook

CVE-2023-27442 - Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-27442
Partager : LinkedIn / Twitter / Facebook

CVE-2023-26532 - Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin
27/11/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-26532
Partager : LinkedIn / Twitter / Facebook