Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-2351: Changeset 2917413 for wpdirectorykit – WordPress Plugin Repository

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.

CVE
#sql#google#js#git#wordpress#php#auth
phpAnalyzer 2.0.4 Insecure Settings

phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.

EasyAnswer 1.0.1 Cross Site Request Forgery

EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.

Online Thesis Archiving System 1.0 SQL Injection

Online Thesis Archiving System version 1.0 suffers from a remote SQL injection vulnerability.

Xoops CMS 2.5.10 Cross Site Scripting

Xoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability.

CVE-2023-26298: HP Device Manager Security Updates

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...

CVE-2023-34581: OffSec’s Exploit Database Archive

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2