This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T20:59:01+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The \'firstName\' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.]]> 2023-10-31T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44484 www.secnews.physaphae.fr/article.php?IdArticle=8403806 False None None None CVE Liste - Common Vulnerability Exposure Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The \'address\' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.]]> 2023-10-31T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44486 www.secnews.physaphae.fr/article.php?IdArticle=8403808 False None None None CVE Liste - Common Vulnerability Exposure An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46484 www.secnews.physaphae.fr/article.php?IdArticle=8403769 False None None None CVE Liste - Common Vulnerability Exposure VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20886 www.secnews.physaphae.fr/article.php?IdArticle=8403763 False None None None CVE Liste - Common Vulnerability Exposure Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43295 www.secnews.physaphae.fr/article.php?IdArticle=8403768 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39610 www.secnews.physaphae.fr/article.php?IdArticle=8403766 False None None None CVE Liste - Common Vulnerability Exposure A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3676 www.secnews.physaphae.fr/article.php?IdArticle=8403764 False None Uber None CVE Liste - Common Vulnerability Exposure An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46485 www.secnews.physaphae.fr/article.php?IdArticle=8403770 False None None None CVE Liste - Common Vulnerability Exposure A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.]]> 2023-10-31T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3955 www.secnews.physaphae.fr/article.php?IdArticle=8403765 False None Uber None CVE Liste - Common Vulnerability Exposure In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.]]> 2023-10-31T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41377 www.secnews.physaphae.fr/article.php?IdArticle=8403767 False None None None CVE Liste - Common Vulnerability Exposure A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.]]> 2023-10-31T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37832 www.secnews.physaphae.fr/article.php?IdArticle=8403725 False None None None CVE Liste - Common Vulnerability Exposure An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.]]> 2023-10-31T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45955 www.secnews.physaphae.fr/article.php?IdArticle=8403726 False None None None CVE Liste - Common Vulnerability Exposure An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.]]> 2023-10-31T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37831 www.secnews.physaphae.fr/article.php?IdArticle=8403724 False None None None CVE Liste - Common Vulnerability Exposure Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.]]> 2023-10-31T17:15:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43796 www.secnews.physaphae.fr/article.php?IdArticle=8403670 False None None None CVE Liste - Common Vulnerability Exposure lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`.]]> 2023-10-31T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46723 www.secnews.physaphae.fr/article.php?IdArticle=8403680 False None None None CVE Liste - Common Vulnerability Exposure PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.]]> 2023-10-31T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46256 www.secnews.physaphae.fr/article.php?IdArticle=8403678 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user\'s cookie and gain unauthorized access to that user\'s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.]]> 2023-10-31T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46722 www.secnews.physaphae.fr/article.php?IdArticle=8403679 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.]]> 2023-10-31T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5739 www.secnews.physaphae.fr/article.php?IdArticle=8403681 False None None None CVE Liste - Common Vulnerability Exposure SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue.]]> 2023-10-31T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46255 www.secnews.physaphae.fr/article.php?IdArticle=8403677 False None None None CVE Liste - Common Vulnerability Exposure Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software\'s PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46245 www.secnews.physaphae.fr/article.php?IdArticle=8403673 False Vulnerability None None CVE Liste - Common Vulnerability Exposure quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46239 www.secnews.physaphae.fr/article.php?IdArticle=8403671 False None None None CVE Liste - Common Vulnerability Exposure Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user\'s machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can\'t promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46248 www.secnews.physaphae.fr/article.php?IdArticle=8403674 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users\' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46249 www.secnews.physaphae.fr/article.php?IdArticle=8403675 False None None None CVE Liste - Common Vulnerability Exposure pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46250 www.secnews.physaphae.fr/article.php?IdArticle=8403676 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set(\'display_errors\', \'0\')` with `ini_set(\'display_errors\', \'Off\')` in `app/Config/Boot/production.php`.]]> 2023-10-31T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46240 www.secnews.physaphae.fr/article.php?IdArticle=8403672 False None None None CVE Liste - Common Vulnerability Exposure Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42658 www.secnews.physaphae.fr/article.php?IdArticle=8403601 False None None None CVE Liste - Common Vulnerability Exposure Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40050 www.secnews.physaphae.fr/article.php?IdArticle=8403597 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37966 www.secnews.physaphae.fr/article.php?IdArticle=8403596 False Vulnerability None None CVE Liste - Common Vulnerability Exposure FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46236 www.secnews.physaphae.fr/article.php?IdArticle=8403605 False Vulnerability None None CVE Liste - Common Vulnerability Exposure FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46235 www.secnews.physaphae.fr/article.php?IdArticle=8403604 False None None None CVE Liste - Common Vulnerability Exposure TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46992 www.secnews.physaphae.fr/article.php?IdArticle=8403611 False None None None CVE Liste - Common Vulnerability Exposure In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46993 www.secnews.physaphae.fr/article.php?IdArticle=8403612 False None None None CVE Liste - Common Vulnerability Exposure An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42425 www.secnews.physaphae.fr/article.php?IdArticle=8403598 False Cloud None None CVE Liste - Common Vulnerability Exposure FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.]]> 2023-10-31T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46237 www.secnews.physaphae.fr/article.php?IdArticle=8403606 False None None None CVE Liste - Common Vulnerability Exposure The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37243 www.secnews.physaphae.fr/article.php?IdArticle=8403595 False None None None CVE Liste - Common Vulnerability Exposure All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22518 www.secnews.physaphae.fr/article.php?IdArticle=8403585 False Cloud None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33927 www.secnews.physaphae.fr/article.php?IdArticle=8403592 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24410 www.secnews.physaphae.fr/article.php?IdArticle=8403587 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31212 www.secnews.physaphae.fr/article.php?IdArticle=8403591 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35879 www.secnews.physaphae.fr/article.php?IdArticle=8403593 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.]]> 2023-10-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36508 www.secnews.physaphae.fr/article.php?IdArticle=8403594 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5098 www.secnews.physaphae.fr/article.php?IdArticle=8403615 False None None None CVE Liste - Common Vulnerability Exposure The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5237 www.secnews.physaphae.fr/article.php?IdArticle=8403618 False None None None CVE Liste - Common Vulnerability Exposure The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5519 www.secnews.physaphae.fr/article.php?IdArticle=8403624 False None None None CVE Liste - Common Vulnerability Exposure The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the \'id\' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5211 www.secnews.physaphae.fr/article.php?IdArticle=8403616 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/ZTKVfoQZplpB8rki@casper.infradead.org and https://bugzilla.suse.com/show_bug.cgi?id=1215932 for more information.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4610 www.secnews.physaphae.fr/article.php?IdArticle=8403603 False None None None CVE Liste - Common Vulnerability Exposure The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4823 www.secnews.physaphae.fr/article.php?IdArticle=8403613 False None None None CVE Liste - Common Vulnerability Exposure The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5360 www.secnews.physaphae.fr/article.php?IdArticle=8403622 False None None None CVE Liste - Common Vulnerability Exposure The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5458 www.secnews.physaphae.fr/article.php?IdArticle=8403623 False None None None CVE Liste - Common Vulnerability Exposure The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5243 www.secnews.physaphae.fr/article.php?IdArticle=8403620 False None None None CVE Liste - Common Vulnerability Exposure The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5307 www.secnews.physaphae.fr/article.php?IdArticle=8403621 False None None None CVE Liste - Common Vulnerability Exposure The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5229 www.secnews.physaphae.fr/article.php?IdArticle=8403617 False None None None CVE Liste - Common Vulnerability Exposure The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4836 www.secnews.physaphae.fr/article.php?IdArticle=8403614 False None None None CVE Liste - Common Vulnerability Exposure The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.]]> 2023-10-31T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5238 www.secnews.physaphae.fr/article.php?IdArticle=8403619 False None None None CVE Liste - Common Vulnerability Exposure The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4250 www.secnews.physaphae.fr/article.php?IdArticle=8403599 False None None None CVE Liste - Common Vulnerability Exposure The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4251 www.secnews.physaphae.fr/article.php?IdArticle=8403600 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25047 www.secnews.physaphae.fr/article.php?IdArticle=8403589 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25045 www.secnews.physaphae.fr/article.php?IdArticle=8403588 False Vulnerability None None CVE Liste - Common Vulnerability Exposure TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46978 www.secnews.physaphae.fr/article.php?IdArticle=8403609 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24000 www.secnews.physaphae.fr/article.php?IdArticle=8403586 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4390 www.secnews.physaphae.fr/article.php?IdArticle=8403602 False None None None CVE Liste - Common Vulnerability Exposure TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46977 www.secnews.physaphae.fr/article.php?IdArticle=8403608 False None None None CVE Liste - Common Vulnerability Exposure TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46976 www.secnews.physaphae.fr/article.php?IdArticle=8403607 False None None None CVE Liste - Common Vulnerability Exposure TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46979 www.secnews.physaphae.fr/article.php?IdArticle=8403610 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.]]> 2023-10-31T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28777 www.secnews.physaphae.fr/article.php?IdArticle=8403590 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.]]> 2023-10-31T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1203 www.secnews.physaphae.fr/article.php?IdArticle=8403527 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'ipushpull_page\' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-31T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5116 www.secnews.physaphae.fr/article.php?IdArticle=8403533 False None None None CVE Liste - Common Vulnerability Exposure The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the \'src\' attribute of the \'csvsearch\' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe� file types can be uploaded and included.]]> 2023-10-31T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5099 www.secnews.physaphae.fr/article.php?IdArticle=8403531 False None None None CVE Liste - Common Vulnerability Exposure The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \'iframe\' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-31T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5073 www.secnews.physaphae.fr/article.php?IdArticle=8403530 False None None None CVE Liste - Common Vulnerability Exposure An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.]]> 2023-10-31T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38994 www.secnews.physaphae.fr/article.php?IdArticle=8403529 False None None None CVE Liste - Common Vulnerability Exposure The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'idbbee\' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-31T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5114 www.secnews.physaphae.fr/article.php?IdArticle=8403532 False None None None CVE Liste - Common Vulnerability Exposure ** UNSUPPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.]]> 2023-10-31T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3007 www.secnews.physaphae.fr/article.php?IdArticle=8403528 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46313 www.secnews.physaphae.fr/article.php?IdArticle=8403477 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46312 www.secnews.physaphae.fr/article.php?IdArticle=8403476 False Vulnerability None None CVE Liste - Common Vulnerability Exposure LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.]]> 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0897 www.secnews.physaphae.fr/article.php?IdArticle=8403473 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46622 www.secnews.physaphae.fr/article.php?IdArticle=8403478 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40681 www.secnews.physaphae.fr/article.php?IdArticle=8403475 False Vulnerability None None CVE Liste - Common Vulnerability Exposure LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.]]> 2023-10-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2968 www.secnews.physaphae.fr/article.php?IdArticle=8403474 False None None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5873 www.secnews.physaphae.fr/article.php?IdArticle=8403424 False None None None CVE Liste - Common Vulnerability Exposure The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5437 www.secnews.physaphae.fr/article.php?IdArticle=8403420 False None None None CVE Liste - Common Vulnerability Exposure The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5436 www.secnews.physaphae.fr/article.php?IdArticle=8403419 False None None None CVE Liste - Common Vulnerability Exposure The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5464 www.secnews.physaphae.fr/article.php?IdArticle=8403423 False None None None CVE Liste - Common Vulnerability Exposure The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5438 www.secnews.physaphae.fr/article.php?IdArticle=8403421 False None None None CVE Liste - Common Vulnerability Exposure The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5439 www.secnews.physaphae.fr/article.php?IdArticle=8403422 False None None None CVE Liste - Common Vulnerability Exposure The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5430 www.secnews.physaphae.fr/article.php?IdArticle=8403414 False None None None CVE Liste - Common Vulnerability Exposure The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5435 www.secnews.physaphae.fr/article.php?IdArticle=8403418 False None None None CVE Liste - Common Vulnerability Exposure The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5428 www.secnews.physaphae.fr/article.php?IdArticle=8403412 False None None None CVE Liste - Common Vulnerability Exposure The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5429 www.secnews.physaphae.fr/article.php?IdArticle=8403413 False None None None CVE Liste - Common Vulnerability Exposure The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5434 www.secnews.physaphae.fr/article.php?IdArticle=8403417 False None None None CVE Liste - Common Vulnerability Exposure The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5431 www.secnews.physaphae.fr/article.php?IdArticle=8403415 False None None None CVE Liste - Common Vulnerability Exposure The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5412 www.secnews.physaphae.fr/article.php?IdArticle=8403411 False None None None CVE Liste - Common Vulnerability Exposure The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-31T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5433 www.secnews.physaphae.fr/article.php?IdArticle=8403416 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-31T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46210 www.secnews.physaphae.fr/article.php?IdArticle=8403408 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.]]> 2023-10-31T07:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46451 www.secnews.physaphae.fr/article.php?IdArticle=8403410 False None None None CVE Liste - Common Vulnerability Exposure Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.]]> 2023-10-31T06:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46361 www.secnews.physaphae.fr/article.php?IdArticle=8403409 False Vulnerability None None CVE Liste - Common Vulnerability Exposure SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.]]> 2023-10-31T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45996 www.secnews.physaphae.fr/article.php?IdArticle=8403407 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components.]]> 2023-10-31T05:15:58+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43139 www.secnews.physaphae.fr/article.php?IdArticle=8403406 False None None None CVE Liste - Common Vulnerability Exposure Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.]]> 2023-10-31T05:15:58+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36263 www.secnews.physaphae.fr/article.php?IdArticle=8403405 False None None None CVE Liste - Common Vulnerability Exposure In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.]]> 2023-10-31T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46356 www.secnews.physaphae.fr/article.php?IdArticle=8403314 False None None None CVE Liste - Common Vulnerability Exposure Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.]]> 2023-10-31T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47174 www.secnews.physaphae.fr/article.php?IdArticle=8403315 False None None None