August 2023 – Page 239 – WindowsTechs.com

CVE-2023-3604 (change_wp_admin_login)

Posted on August 21, 2023 by National Vulnerability Database

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. Continue reading CVE-2023-3604 (change_wp_admin_login)→

CVE-2023-3936 (blog2social)

Posted on August 21, 2023 by National Vulnerability Database

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Continue reading CVE-2023-3936 (blog2social)→

CVE-2023-39106 (nacos_spring_project)

Posted on August 21, 2023 by National Vulnerability Database

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Continue reading CVE-2023-39106 (nacos_spring_project)→

CVE-2023-38976 (weaviate)

Posted on August 21, 2023 by National Vulnerability Database

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. Continue reading CVE-2023-38976 (weaviate)→

CVE-2023-3366 (multiparcels_shipping_for_woocommerce)

Posted on August 21, 2023 by National Vulnerability Database

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack Continue reading CVE-2023-3366 (multiparcels_shipping_for_woocommerce)→

CVE-2023-39094 (studentmanager)

Posted on August 21, 2023 by National Vulnerability Database

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. Continue reading CVE-2023-39094 (studentmanager)→

CVE-2023-39061 (chamilo)

Posted on August 21, 2023 by National Vulnerability Database

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. Continue reading CVE-2023-39061 (chamilo)→

CVE-2023-39660 (pandasai)

Posted on August 21, 2023 by National Vulnerability Database

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. Continue reading CVE-2023-39660 (pandasai)→

CVE-2023-38836 (boidcms)

Posted on August 21, 2023 by National Vulnerability Database

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component. Continue reading CVE-2023-38836 (boidcms)→

CVE-2023-38961 (jerryscript)

Posted on August 21, 2023 by National Vulnerability Database

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. Continue reading CVE-2023-38961 (jerryscript)→