Description
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6841801
____________________
Description
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
Base Score: 9.1 CRITICAL
https://www.ibm.com/support/pages/node/6841801
____________________________________
Description
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Base Score: 7.5 HIGH
https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
____________________________________
Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP’s extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
___________________________________
Base Score: 7.5 HIGH
Description
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
____________________________________
Description
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
__________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
___________________________________________________-
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
_________________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
______________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
______________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2023-21597 Description Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/incopy/apsb23-08.html ____________________________________ CVE-2023-21596 Description […]
CVE-2022-46609 Description Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. Base Score: 9.8 CRITICAL https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99 _______________________________ CVE-2022-44832 Description D-Link DIR-3040 device with firmware 120B03 was discovered to contain a […]
CVE-2023-20025 Description A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]
Leave a Reply