CVE List - 2023 / February
Showing 901 - 1000 of 2164 CVEs for February 2023 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-24646 | 2023-02-13 | An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-24647 | 2023-02-13 | Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. |
| CVE-2023-24648 | 2023-02-13 | Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. |
| CVE-2023-25240 | 2023-02-13 | An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. |
| CVE-2023-25241 | 2023-02-13 | bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. |
| CVE-2023-25717 | 2023-02-13 | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. |
| CVE-2023-25718 | 2023-02-13 | In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in... |
| CVE-2023-25719 | 2023-02-13 | ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into... |
| CVE-2023-25727 | 2023-02-13 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. |
| CVE-2022-25937 | 2023-02-13 | Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from... |
| CVE-2023-24572 | 2023-02-13 | Dell Command \| Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading... |
| CVE-2023-23697 | 2023-02-13 | Dell Command \| Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading... |
| CVE-2022-34397 | 2023-02-13 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are... |
| CVE-2022-45454 | 2023-02-13 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. |
| CVE-2022-45455 | 2023-02-13 | Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber... |
| CVE-2023-0808 | 2023-02-13 | Deye/Revolt/Bosswerk Inverter Access Point Setting hard-coded password |
| CVE-2022-4473 | 2023-02-13 | Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS |
| CVE-2023-0379 | 2023-02-13 | Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS |
| CVE-2022-4783 | 2023-02-13 | Youtube Channel Gallery <= 2.4 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4445 | 2023-02-13 | FL3R FeelBox <= 8.1 - Unauthenticated SQLi |
| CVE-2023-0362 | 2023-02-13 | Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS |
| CVE-2023-0270 | 2023-02-13 | YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS |
| CVE-2023-0159 | 2023-02-13 | Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE |
| CVE-2022-4628 | 2023-02-13 | Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode |
| CVE-2022-4448 | 2023-02-13 | GiveWP < 2.24.0 - Contributor+ Stored XSS |
| CVE-2023-0099 | 2023-02-13 | Simple URLs < 115 - Multiple Reflected XSS |
| CVE-2023-0060 | 2023-02-13 | Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS |
| CVE-2022-4678 | 2023-02-13 | TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0220 | 2023-02-13 | Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi |
| CVE-2022-4551 | 2023-02-13 | Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS |
| CVE-2023-0373 | 2023-02-13 | Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS |
| CVE-2023-0261 | 2023-02-13 | WP TripAdvisor Review Slider < 10.8 - Subscriber+ SQLi |
| CVE-2022-4458 | 2023-02-13 | Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS |
| CVE-2023-0169 | 2023-02-13 | Zoho Forms < 3.0.1 - Contributor+ Stored XSS |
| CVE-2023-0260 | 2023-02-13 | WP Review Slider < 12.2 - Subscriber+ SQLi |
| CVE-2022-4546 | 2023-02-13 | Mapwiz <= 1.0.1 - Admin+ SQLi |
| CVE-2023-0333 | 2023-02-13 | TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS |
| CVE-2023-0061 | 2023-02-13 | Judge.me Product Reviews for WooCommerce < 1.3.21 - Contributor+ Stored XSS |
| CVE-2023-0098 | 2023-02-13 | Simple URLs < 115 - Subscriber+ SQLi |
| CVE-2022-4512 | 2023-02-13 | Better Font Awesome < 2.0.4 - Contributor+ Stored XSS |
| CVE-2023-0263 | 2023-02-13 | WP Yelp Review Slider < 7.1 - Subscriber+ SQLi |
| CVE-2023-0275 | 2023-02-13 | Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS |
| CVE-2022-4656 | 2023-02-13 | WP Visitor Statistics (Real Time Traffic) < 6.5 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0259 | 2023-02-13 | WP Google Review Slider < 11.8 - Subscriber+ SQLi |
| CVE-2023-0166 | 2023-02-13 | PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS |
| CVE-2023-0255 | 2023-02-13 | Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload |
| CVE-2023-0080 | 2023-02-13 | Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI |
| CVE-2023-0151 | 2023-02-13 | uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS |
| CVE-2023-0405 | 2023-02-13 | GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update |
| CVE-2023-0075 | 2023-02-13 | Amazon JS <= 0.10 - Contributor+ Stored XSS |
| CVE-2023-0034 | 2023-02-13 | JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4745 | 2023-02-13 | WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF |
| CVE-2022-3891 | 2023-02-13 | WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access |
| CVE-2022-4682 | 2023-02-13 | Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0262 | 2023-02-13 | WP Airbnb Review Slider < 3.3 - Subscriber+ SQLi |
| CVE-2022-4488 | 2023-02-13 | Widgets on Pages < 1.8.0 - Contributor+ Stored XSS |
| CVE-2022-4471 | 2023-02-13 | YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS |
| CVE-2022-4830 | 2023-02-13 | Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4580 | 2023-02-13 | Twenty20 Image Before-After <= 1.5.9 - Contributor+ Stored XSS |
| CVE-2023-0177 | 2023-02-13 | Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS |
| CVE-2023-0360 | 2023-02-13 | Location Weather < 1.3.4 - Contributor+ Stored XSS |
| CVE-2022-4562 | 2023-02-13 | Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS |
| CVE-2022-4759 | 2023-02-13 | GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-24804 | 2023-02-13 | ownCloud Android app vulnerable to Path Traversal |
| CVE-2022-3089 | 2023-02-13 | EnOcean SmartServer Hard-coded credentials |
| CVE-2023-23948 | 2023-02-13 | ownCloud Android app vulnerable to SQL Injection |
| CVE-2023-25159 | 2023-02-13 | Nextcloud Server previews are accessible without a watermark |
| CVE-2022-41134 | 2023-02-13 | WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23551 | 2023-02-13 | X-600M Code Injection |
| CVE-2023-23553 | 2023-02-13 | X-400 Cross-Site Scripting |
| CVE-2023-25160 | 2023-02-13 | IDOR Vulnerability in Nextcloud Mail |
| CVE-2023-25161 | 2023-02-13 | Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails |
| CVE-2023-25162 | 2023-02-13 | Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs |
| CVE-2023-25572 | 2023-02-13 | React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>` |
| CVE-2022-4905 | 2023-02-13 | UDX Stateless Media Plugin class-settings.php setup_wizard_interface cross site scripting |
| CVE-2015-10079 | 2023-02-13 | juju2143 WalrusIRC parser.js parseLinks cross site scripting |
| CVE-2023-22370 | 2023-02-14 | Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that... |
| CVE-2021-46023 | 2023-02-14 | An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. |
| CVE-2022-29557 | 2023-02-14 | LexisNexis Firco Compliance Link 3.7 allows CSRF. |
| CVE-2022-41564 | 2023-02-14 | TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability |
| CVE-2023-0655 | 2023-02-14 | SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. |
| CVE-2023-0827 | 2023-02-14 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-22375 | 2023-02-14 | Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a... |
| CVE-2023-22376 | 2023-02-14 | Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability... |
| CVE-2023-22629 | 2023-02-14 | An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move... |
| CVE-2023-24159 | 2023-02-14 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. |
| CVE-2023-24160 | 2023-02-14 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. |
| CVE-2023-24161 | 2023-02-14 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2023-24187 | 2023-02-14 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. |
| CVE-2023-25725 | 2023-02-14 | HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept... |
| CVE-2023-25758 | 2023-02-14 | Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phrase. The man-in-the-middle access can only be obtained after disassembling a device... |
| CVE-2023-0814 | 2023-02-14 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0.... |
| CVE-2023-0019 | 2023-02-14 | In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with... |
| CVE-2023-0020 | 2023-02-14 | SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact... |
| CVE-2023-0024 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or... |
| CVE-2023-0025 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or... |
| CVE-2023-23851 | 2023-02-14 | SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other... |
| CVE-2023-23852 | 2023-02-14 | SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2023-23853 | 2023-02-14 | An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can... |
| CVE-2023-23854 | 2023-02-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting... |