CVE-2023-5201 The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
Published: 30/09/23

CVE-2023-44168 The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-44167 The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-44166 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-44165 The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-44164 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 28/09/23

CVE-2023-43014 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database.
Published: 28/09/23

CVE-2023-5185 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of the profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
Published: 28/09/23

CVE-2023-4316 Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails.
Published: 28/09/23

CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.
Published: 28/09/23

CVE-2023-43226 An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
Published: 28/09/23

CVE-2023-40375 Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.
Published: 28/09/23

CVE-2023-30415 Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.
Published: 28/09/23

CVE-2023-43868 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via the websGetVar function.
Published: 28/09/23

CVE-2023-43867 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via the formSetWanL2TP function.
Published: 28/09/23

CVE-2023-43866 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via the formSetWAN_Wizard7 function.
Published: 28/09/23

CVE-2023-43865 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via the formSetWanPPTP function.
Published: 28/09/23

CVE-2023-43864 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via the formSetWAN_Wizard55 function.
Published: 28/09/23