Latest High & Critical vulnerabilities

CVE-2023-5201 The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.

Published on: 30/09/23
9.9 CRITICAL

CVE-2023-44168 The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-44167 The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-44166 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-44165 The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-44164 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-43014 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database.

Published on: 28/09/23
8.8 HIGH

CVE-2023-5185 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Published on: 28/09/23
8.8 HIGH

CVE-2023-4316 Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails.

Published on: 28/09/23
7.5 HIGH

CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-43226 An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

Published on: 28/09/23
8.8 HIGH

CVE-2023-40375 Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.

Published on: 28/09/23
7.8 HIGH

CVE-2023-30415 Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.

Published on: 28/09/23
9.8 CRITICAL

CVE-2023-43868 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function.

Published on: 28/09/23
7.5 HIGH

CVE-2023-43867 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function.

Published on: 28/09/23
7.5 HIGH

CVE-2023-43866 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function.

Published on: 28/09/23
7.5 HIGH

CVE-2023-43865 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function.

Published on: 28/09/23
7.5 HIGH

CVE-2023-43864 D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function.

Published on: 28/09/23
7.5 HIGH
