Description
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
CVE-2019-17621 Description The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Base Score: 9.8 CRITICAL https://www.dlink.com/en/security-bulletin
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
CVE-2022-43883 Description IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. Base Score: 7.5 HIGH https://www.ibm.com/support/pages/node/6841801 ____________________ CVE-2022-38708 Description IBM Cognos Analytics […]
Leave a Reply