CVE List - 2023 / March
Showing 701 - 800 of 2488 CVEs for March 2023 (Page 8 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1361 | 2023-03-13 | SQL Injection in unilogies/bumsys |
| CVE-2023-1362 | 2023-03-13 | Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys |
| CVE-2023-1367 | 2023-03-13 | Code Injection in alextselegidis/easyappointments |
| CVE-2023-24033 | 2023-03-13 | The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description... |
| CVE-2023-24577 | 2023-03-13 | McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute... |
| CVE-2023-24578 | 2023-03-13 | McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. |
| CVE-2023-24579 | 2023-03-13 | McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. |
| CVE-2023-24762 | 2023-03-13 | OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. |
| CVE-2023-25207 | 2023-03-13 | PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php. |
| CVE-2023-25279 | 2023-03-13 | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2023-25283 | 2023-03-13 | A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp. |
| CVE-2023-25803 | 2023-03-13 | Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This... |
| CVE-2023-26072 | 2023-03-13 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and... |
| CVE-2023-26073 | 2023-03-13 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and... |
| CVE-2023-26074 | 2023-03-13 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and... |
| CVE-2023-26076 | 2023-03-13 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow... |
| CVE-2023-27010 | 2023-03-13 | Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. |
| CVE-2023-27052 | 2023-03-13 | E-Commerce System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php. |
| CVE-2023-27061 | 2023-03-13 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-27062 | 2023-03-13 | Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-27063 | 2023-03-13 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-27064 | 2023-03-13 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-27065 | 2023-03-13 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-27093 | 2023-03-13 | Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function. |
| CVE-2023-27587 | 2023-03-13 | ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when... |
| CVE-2023-28154 | 2023-03-13 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to... |
| CVE-2023-1363 | 2023-03-13 | SourceCodester Computer Parts Sales and Inventory System Add User Account cross site scripting |
| CVE-2023-1364 | 2023-03-13 | SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection |
| CVE-2023-1365 | 2023-03-13 | SourceCodester Online Pizza Ordering System ajax.php sql injection |
| CVE-2023-0888 | 2023-03-13 | Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi |
| CVE-2023-1366 | 2023-03-13 | SourceCodester Yoga Class Registration System manage_category.php query sql injection |
| CVE-2023-1368 | 2023-03-13 | XHCMS POST Parameter login.php sql injection |
| CVE-2023-1369 | 2023-03-13 | TG Soft Vir.IT eXplorer IoControlCode VIRAGTLT.sys 0x82730088 denial of service |
| CVE-2023-1370 | 2023-03-13 | Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON |
| CVE-2022-47166 | 2023-03-13 | WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47440 | 2023-03-13 | WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0628 | 2023-03-13 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user into opening a crafted malicious docker-desktop:// URL |
| CVE-2023-0629 | 2023-03-13 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers |
| CVE-2023-1372 | 2023-03-13 | The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, and wh_text_full in versions up to, and including, 3.0.0 due to... |
| CVE-2023-1374 | 2023-03-13 | The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping.... |
| CVE-2022-31474 | 2023-03-13 | WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal |
| CVE-2023-0978 | 2023-03-13 | A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.... |
| CVE-2022-38074 | 2023-03-13 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection |
| CVE-2023-25991 | 2023-03-13 | WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22700 | 2023-03-13 | WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23711 | 2023-03-13 | WordPress A2 Optimized WP Plugin <= 3.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25973 | 2023-03-13 | WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0477 | 2023-03-13 | Auto Featured Image < 3.9.16 - Author+ Arbitrary File Upload |
| CVE-2023-0066 | 2023-03-13 | Companion Sitemap Generator <= 4.5.1.1 - Contributor+ Stored XSS |
| CVE-2022-4652 | 2023-03-13 | Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0772 | 2023-03-13 | Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure |
| CVE-2023-0749 | 2023-03-13 | Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure |
| CVE-2023-0037 | 2023-03-13 | 10WebMapBuilder < 1.0.73 - Unauthenticated SQLi |
| CVE-2023-0172 | 2023-03-13 | Juicer < 1.11 - Contributor+ Stored XSS |
| CVE-2023-0538 | 2023-03-13 | Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS |
| CVE-2022-4661 | 2023-03-13 | Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0844 | 2023-03-13 | Namaste! LMS < 2.6 - Admin+ Stored XSS |
| CVE-2023-0219 | 2023-03-13 | FluentSMTP < 2.2.3 - Stored XSS via Email Logs |
| CVE-2023-0073 | 2023-03-13 | Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS |
| CVE-2022-4466 | 2023-03-13 | WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS |
| CVE-2023-25170 | 2023-03-13 | PrestaShop has possible CSRF token fixation |
| CVE-2023-0973 | 2023-03-13 | Step Tools Third-Party |
| CVE-2023-27580 | 2023-03-13 | CodeIgniter Shield Password Shucking Vulnerability |
| CVE-2023-1378 | 2023-03-13 | SourceCodester Friendly Island Pizza Website and Ordering System POST Parameter paypalsuccess.php sql injection |
| CVE-2023-25802 | 2023-03-13 | Roxy-WI has Path Traversal vulnerability |
| CVE-2023-0355 | 2023-03-13 | CVE-2023-0355 |
| CVE-2023-0354 | 2023-03-13 | CVE-2023-0354 |
| CVE-2023-0353 | 2023-03-13 | CVE-2023-0353 |
| CVE-2023-0352 | 2023-03-13 | CVE-2023-0352 |
| CVE-2023-27581 | 2023-03-13 | github-slug-action vulnerable to arbitrary code execution |
| CVE-2023-0351 | 2023-03-13 | CVE-2023-0351 |
| CVE-2023-0350 | 2023-03-13 | CVE-2023-0350 |
| CVE-2023-0349 | 2023-03-13 | CVE-2023-0349 |
| CVE-2023-0348 | 2023-03-13 | CVE-2023-0348 |
| CVE-2023-0347 | 2023-03-13 | CVE-2023-0347 |
| CVE-2023-0346 | 2023-03-13 | CVE-2023-0346 |
| CVE-2023-0345 | 2023-03-13 | CVE-2023-0345 |
| CVE-2023-27583 | 2023-03-13 | Panindex uses hard-coded cryptographic key |
| CVE-2023-27582 | 2023-03-13 | Full authentication bypass if SASL authorization username is specified |
| CVE-2023-27074 | 2023-03-14 | BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. |
| CVE-2023-1327 | 2023-03-14 | Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting... |
| CVE-2023-24180 | 2023-03-14 | Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf... |
| CVE-2023-24279 | 2023-03-14 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-25206 | 2023-03-14 | PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. |
| CVE-2023-26262 | 2023-03-14 | An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content... |
| CVE-2023-26511 | 2023-03-14 | A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows... |
| CVE-2023-27069 | 2023-03-14 | A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. |
| CVE-2023-27070 | 2023-03-14 | A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. |
| CVE-2023-27073 | 2023-03-14 | A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. |
| CVE-2023-27585 | 2023-03-14 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It... |
| CVE-2023-28144 | 2023-03-14 | KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. |
| CVE-2023-28339 | 2023-03-14 | OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can... |
| CVE-2023-28343 | 2023-03-14 | OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. |
| CVE-2023-0021 | 2023-03-14 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver |
| CVE-2023-23857 | 2023-03-14 | Improper Access Control in SAP NetWeaver AS for Java |
| CVE-2023-24526 | 2023-03-14 | Improper Access Control in SAP NetWeaver AS Java (Classload Service) |
| CVE-2023-25615 | 2023-03-14 | SQL Injection vulnerability in SAP ABAP Platform |
| CVE-2023-25616 | 2023-03-14 | Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) |
| CVE-2023-25617 | 2023-03-14 | OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) |
| CVE-2023-26459 | 2023-03-14 | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |