CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 11, 2025

Coupon X WordPress Plugin PHP Object Injection Vulnerability

A PHP Object Injection vulnerability has been identified in the Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress, affecting all versions through 1.3.5. The vulnerability arises from the deserialization of untrusted input in post content, which is sent to the capture_email AJAX action. This flaw allows authenticated attackers with Contributor-level access and above to inject PHP objects. While the vulnerable plugin itself contains no known POP (property-oriented programming) chain, such a chain could be present in an additional plugin or theme installed on the site, allowing the attacker to delete files, access sensitive information, or execute code.

2.9
Jan 11, 2025

Trackserver WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Trackserver plugin for WordPress, affecting all versions through 5.0.2. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'tsmap' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access those pages.

2.7
Jan 11, 2025

Post Duplicator WordPress Plugin Information Exposure Vulnerability

A vulnerability allowing information exposure has been identified in the Post Duplicator plugin for WordPress, affecting all versions through 2.36. The issue arises in the mtphr_duplicate_post() function, where inadequate restrictions allow authenticated attackers with Contributor-level access and above to duplicate posts and access data from password-protected, private, or draft posts that should be off-limits.

3.3
Jan 11, 2025

CF Internal Link Shortcode WordPress Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the CF Internal Link Shortcode plugin for WordPress, affecting all versions through 1.1.0. The issue arises from inadequate escaping of user-supplied data in the 'post_title' parameter, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to unauthorized access to sensitive information within the database.

3.6
Jan 11, 2025

Coupon X WordPress Plugin Missing Authorization Vulnerability

A vulnerability exists in the Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress, in all versions through 1.3.5. The issue arises from inadequate capability checks in the class-cx-rest.php file, allowing authenticated attackers with Subscriber-level access or higher to gain unauthorized privileges. Exploitation of this vulnerability enables the creation of 100% off coupons, deletion of posts and leads, and modification of coupon statuses.

2.3
Jan 11, 2025

ClickWhale WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the ClickWhale WordPress plugin, specifically in the Link Manager, Link Shortener, and Click Tracker for Affiliate Links & Link Pages components, all versions through 2.4.1. The vulnerability arises from improper handling of URL parameters using add_query_arg and remove_query_arg, which allows unauthenticated attackers to inject arbitrary scripts. These scripts can execute if a user is tricked into clicking a link.

3.0
Jan 10, 2025

REDCap Cross-Site Request Forgery Vulnerability in Alert Title Handling

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in REDCap version 14.9.6. The issue arises when uploading a CSV file that includes a list of alert configurations. An attacker could craft a CSV file with an HTML injection payload in the alert title. Once the victim uploads this file, they are directed to a page displaying the uploaded data. If the victim clicks on the alert title, it can either trigger a logout request, terminating their session, or redirect them to a phishing website. This vulnerability exists due to the lack of CSRF protections on the logout functionality.

2.8
Jan 10, 2025

REDCap Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in REDCap version 14.9.6. This issue allows authenticated users to inject malicious scripts into the Survey field name. When a recipient of the survey clicks on the field name, the injected script is executed.

2.4
Jan 10, 2025

REDCap HTML Injection Vulnerability Allowing Phishing Redirection

A vulnerability allowing HTML injection has been identified in REDCap version 14.9.6. This issue arises in the Survey field name, where an attacker can inject malicious HTML that redirects users to a phishing website. When the survey recipient clicks on the field name, they are taken to the phishing site, potentially leading to unauthorized actions being performed without the user's consent.

2.8
Jan 10, 2025

REDCap Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in REDCap version 14.9.6. The issue arises in the email-subject field when a CSV file containing a list of alert configurations is uploaded. An attacker can craft a CSV file with an XSS payload embedded in the email-subject. When the victim uploads this file, they are directed to a page displaying the uploaded data. Clicking on the email-subject value activates the XSS payload.

2.8
Jan 10, 2025

Arista NG Firewall Cross-Site Scripting Vulnerability Leaking Administrator Tokens

A cross-site scripting vulnerability has been identified in Arista Edge Threat Management - Arista NG Firewall, specifically in versions through 17.1.1. This vulnerability allows specially crafted queries to leak administrator authentication tokens. The issue arises from improper handling of query data, which can be exploited to access sensitive token information.

2.9
Jan 10, 2025

Arista Reporting Application SQL Injection Vulnerability Allowing Elevated OS Command Execution

Multiple SQL injection vulnerabilities have been identified in the Arista reporting application. A user with advanced reporting application access can exploit these vulnerabilities to execute commands on the underlying operating system with elevated privileges.

1.9
Jan 10, 2025

Arista NG Firewall Authentication Token Retrieval Vulnerability

A vulnerability exists in Arista Edge Threat Management - Arista NG Firewall, affecting versions through 17.1.1. A user with administrator privileges can retrieve authentication tokens, potentially leading to unauthorized access or actions within the application.

1.5
Jan 10, 2025

Arista NG Firewall Insecure Captive Portal Configuration Vulnerability

A vulnerability exists in Arista Edge Threat Management - Arista NG Firewall, all versions through 17.1.1, allowing administrators to configure an insecure captive portal script. This issue can be exploited by selecting the 'Custom' option in the Captive Page tab, potentially leading to unauthorized actions or information exposure.

2.0
Jan 10, 2025

Arista NG Firewall Command Injection Vulnerability

A command injection vulnerability has been identified in Arista Edge Threat Management - Arista NG Firewall, affecting versions through 17.1.1. This vulnerability allows users with administrator privileges to execute arbitrary commands on the underlying operating system.

1.7
Jan 10, 2025

Arista CloudVision Appliance Disk Encryption Vulnerability on DCA-350E-CV Releases

A vulnerability exists in certain Arista CloudVision Appliance (CVA) releases on DCA-350E-CV appliances, where hardware disk encryption may not be properly applied. This flaw leaves the disks unencrypted, exposing the data stored on them.

0.9
Jan 10, 2025

Arista NG Firewall Unauthorized Actions Vulnerability in Reporting Application

A vulnerability exists in Arista NG Firewall in versions through 17.1.1, allowing users with advanced report application access to perform unauthorized actions. This issue is linked to improper isolation or compartmentalization, enabling exploitation of SQL injection vulnerabilities in the reporting application. As a result, affected users could execute commands on the underlying operating system with elevated privileges.

2.1
Jan 10, 2025

Arista Edge Threat Management Backup Uploads Vulnerable to Man-in-the-Middle Interception

A vulnerability exists in Arista Edge Threat Management (ETM) Backup uploads to the Arista NG Firewall (NGFW) that allows for man-in-the-middle interception. This issue affects all NGFW versions through 17.1.1. When the Configuration Backup service is enabled, backups can be intercepted during the upload process to ETM.

2.3
Jan 10, 2025

Arista Edge Threat Management Remote Access Session Discovery Vulnerability

A vulnerability exists in Arista Edge Threat Management (ETM) for the Arista NG Firewall (NGFW) in versions through 17.1.1. This vulnerability allows specially crafted queries to discover active remote access sessions. The issue arises from expired and unusable administrator authentication tokens being revealed by units that have timed out from ETM access, creating a potential avenue for exploitation.

1.9
Jan 10, 2025

Arista Edge Threat Management NG Firewall Expired Token Disclosure Vulnerability

A vulnerability exists in Arista Edge Threat Management (ETM) units that have timed out from ETM access, allowing the revelation of expired and unusable administrator authentication tokens. This issue affects Arista NG Firewall (NGFW) versions 17.1.1 and prior.

1.8
Jan 10, 2025

Arista EOS SNMP Memory Leak Vulnerability in snmpd Process

A memory leak vulnerability has been identified in the snmpd process of Arista EOS platforms with SNMP enabled. When the 'snmp-server transmit max-size' option is configured, a specially crafted packet can cause the snmpd process to consume excessive memory. This may lead to the snmpd process being terminated, causing SNMP request timeouts until snmpd is manually restarted. The increased memory usage can also affect other processes on the switch, potentially leading to their unexpected termination.

1.7
Jan 10, 2025

Arista EOS VLAN Tag Vulnerability Leading to Control Plane Disruptions

A vulnerability exists in Arista EOS on certain platforms, where a specially crafted packet with an incorrect VLAN tag can be mistakenly sent to the CPU. This misrouting may disrupt normal control plane operations, potentially causing issues such as route flaps or incorrect handling of multicast routes.

3.8
Jan 10, 2025

MonicaHQ Client-Side Injection Vulnerability Leading to Stored Cross-Site Scripting

A client-side injection vulnerability has been identified in MonicaHQ version 4.1.2. This authenticated vulnerability allows attackers to inject malicious code into the 'reason' parameter of the 'Add Debt' form, located at '/people/h:[id]/debts/create'. The injected code can lead to stored cross-site scripting (XSS) attacks.

3.2
Jan 10, 2025

MonicaHQ Client-Side Injection Vulnerability in Journal Entry Editing

A client-side injection vulnerability has been identified in MonicaHQ version 4.1.1. This vulnerability allows authenticated users to inject malicious content through the entry text field while editing journal entries.

3.2
Jan 10, 2025

MonicaHQ Client-Side Template Injection Vulnerability Leading to Stored Cross-Site Scripting

A Client-Side Template Injection vulnerability has been identified in MonicaHQ version 4.1.2. This vulnerability allows authenticated attackers to inject malicious code into the title and description fields of the reminders creation form. The issue is located in the '/people/ID/reminders/create' endpoint.

3.2
Jan 10, 2025

MonicaHQ Client-Side Injection Vulnerability in Relationship Management Feature

Multiple client-side injection vulnerabilities have been identified in MonicaHQ version 4.1.2. These vulnerabilities arise in the 'Add a new relationship' feature, specifically through the 'first_name' and 'last_name' parameters.

3.7
Jan 10, 2025

Microweber Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Microweber versions through 2.0.9. This vulnerability allows remote attackers to execute arbitrary JavaScript code by injecting it into the First Name or Last Name fields within the user management module. The injected script is executed when the user module view is accessed.

3.3
Jan 10, 2025

Microweber Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Microweber versions through 2.0.9. This vulnerability allows remote attackers to execute arbitrary JavaScript code by exploiting the 'create new backup' function within the admin backup module.

3.3
Jan 10, 2025

Microweber Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Microweber versions through 2.0.9. This vulnerability allows remote attackers to execute arbitrary JavaScript code by injecting it into the campaign Name field within the 'Add new campaign' function. The injected script is executed when the campaign list is viewed or when adding a new subscriber.

3.3
Jan 10, 2025

Netgear DGN1000 and DGN2200 v1 Authentication Bypass Vulnerability Allowing Unauthenticated Remote Code Execution

An authentication bypass vulnerability has been identified in the Netgear DGN1000 router, affecting firmware versions prior to 1.1.00.48, as well as the DGN2200 v1 model. This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands with root privileges by sending crafted HTTP requests to the setup.cgi endpoint. The embedded web server bypasses authentication checks for certain URLs, enabling exploitation. This vulnerability has been actively exploited since 2017.

6.7
Jan 10, 2025

Wikimedia Foundation MediaWiki ArticleFeedbackv5 Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Wikimedia Foundation MediaWiki ArticleFeedbackv5 extension, specifically in versions 1.42.X prior to 1.42.2. This vulnerability arises from improper input sanitization during web page generation, allowing malicious users to inject harmful scripts that could be executed in the context of the user's browser.

3.4
Jan 10, 2025

Hasleo Backup Suite Free Insecure Permissions Vulnerability Allowing Privilege Escalation

A vulnerability exists in Hasleo Backup Suite Free versions through 4.9.4, allowing insecure permissions via the file recovery function. This flaw can be exploited by low-privileged users to perform arbitrary file writes, potentially overwriting critical system files or placing malicious executables in sensitive directories. Such actions could lead to unauthorized administrative access on the Windows system.

2.5
Jan 10, 2025

Wikimedia MediaWiki Breadcrumbs2 Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Wikimedia Foundation MediaWiki Breadcrumbs2 extension. This issue affects versions 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.5, and 1.42.X prior to 1.42.4. The vulnerability arises from improper input sanitization during web page generation, allowing malicious users to inject scripts that could be executed in the context of the user's browser.

3.4
Jan 10, 2025

MegaBIP Path Disclosure Vulnerability in Administrative Portal

A path disclosure vulnerability has been identified in MegaBIP software versions prior to 5.15. During the installation process, users are advised to change the default administrative portal path and to keep the new path secret as a protective measure. However, the publicly available source code of '/registered.php' reveals this path, potentially allowing attackers to conduct further attacks.

1.5
Jan 10, 2025

MegaBIP Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in MegaBIP versions prior to 5.15. The issue arises because the form located at '/edytor/index.php?id=7,7,0' lacks proper protection against CSRF attacks. This vulnerability could be exploited by tricking a user into visiting a malicious website that sends a POST request to the vulnerable endpoint. If the user is a logged-in administrator, this could result in the unauthorized creation of new accounts with administrative privileges.

1.5
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in vif_disable Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in firmware version 1.1.00.032. The issue arises in the '/usr/lib/lua/luci/controller/mtkwifi.lua' file within the 'vif_disable' function, where the 'iface' parameter can be manipulated to inject and execute arbitrary commands.

3.2
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in WPS Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in version 1.1.00.032. The issue arises in the 'apcli_do_enr_pbc_wps' function, where the 'ifname' parameter is vulnerable to injection attacks.

4.3
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in vif_enable Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in firmware version 1.1.00.032. The issue arises in the 'vif_enable' function within the '/usr/lib/lua/luci/controller/mtkwifi.lua' file, where the 'iface' parameter can be manipulated to execute arbitrary commands.

3.0
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in reset_wifi Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in version 1.1.00.032. The issue arises in the reset_wifi function, where the devname parameter is vulnerable to injection attacks.

4.3
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in WPS PIN Management Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in firmware version 1.1.00.032. The issue arises in the 'apcli_do_enr_pin_wps' function within the '/usr/lib/lua/luci/controller/mtkwifi.lua' file. The vulnerability is triggered through the 'ifname' parameter, allowing injected commands to be executed on the device.

2.7
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in WPS PIN Generation Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in firmware version 1.1.00.032. The issue arises in the 'apcli_wps_gen_pincode' function within the '/usr/lib/lua/luci/controller/mtkwifi.lua' file. The vulnerability is triggered through the 'ifname' parameter, allowing injected commands to be executed on the device.

3.2
Jan 10, 2025

Linksys E7350 Command Injection Vulnerability in WPS Cancellation Function

A command injection vulnerability has been identified in the Linksys E7350 router, specifically in version 1.1.00.032. The issue arises in the 'apcli_cancel_wps' function, where the 'ifname' parameter is vulnerable to injection attacks.

4.3
Jan 10, 2025

Vtiger CRM Cross-Site Scripting Vulnerability in Documents Module

A cross-site scripting (XSS) vulnerability has been identified in Vtiger CRM versions through 6.1. The issue arises in the Documents module, specifically within the uploadAndSaveFile function of CRMEntity.php.

5.0
Jan 10, 2025

TOTOLINK A6000R Command Injection Vulnerability in reset_wifi Function

A command injection vulnerability has been identified in the TOTOLINK A6000R router, specifically in firmware version V1.0.1-B20201211.2000. The vulnerability arises in the reset_wifi function, where the devname parameter can be manipulated to inject and execute arbitrary commands on the device.

3.1
Jan 10, 2025

TOTOLINK A6000R Command Injection Vulnerability in Password Change Function

A command injection vulnerability has been identified in the TOTOLINK A6000R router, specifically in version 1.0.1-B20201211.2000. The issue arises in the action_passwd function, where the newpasswd parameter is improperly sanitized, allowing attackers to inject and execute arbitrary commands.

4.4
Jan 10, 2025

TOTOLINK A6000R Command Injection Vulnerability in the Reboot Action

A command injection vulnerability has been identified in the TOTOLINK A6000R router, specifically in firmware version V1.0.1-B20201211.2000. The vulnerability arises in the 'action_reboot' function within the '/usr/lib/lua/luci/controller/admin/system.lua' file. It allows for arbitrary command execution by injecting commands through the 'opmode' parameter when the reboot action is called.

3.0
Jan 10, 2025

TOTOLINK A6000R Command Injection Vulnerability in WSH Enable Function

A command injection vulnerability has been identified in the TOTOLINK A6000R router, specifically in firmware version V1.0.1-B20201211.2000. The vulnerability arises in the 'enable_wsh' function within the 'system.lua' file, where the 'modifyOne' parameter can be exploited to inject arbitrary commands.

3.1
Jan 10, 2025

CP Plus CP-VNR-3104 Timing Attack Vulnerability Allowing Private Key Extraction and Man-in-the-Middle Access

A vulnerability exists in the CP Plus CP-VNR-3104 model, specifically in the firmware version B3223P22C02424. This issue allows attackers to exploit a timing discrepancy in the device's encryption process, particularly within the Elliptic Curve mathematics library. By observing the timing of multiple deterministic ECDSA signature generations, an attacker can extract the second RSA private key. This key extraction could lead to unauthorized access to sensitive information or facilitate a man-in-the-middle attack.

2.8
Jan 10, 2025

CP Plus CP-VNR-3104 Improper Certificate Handling Vulnerability Allowing Decryption and Man-in-the-Middle Attacks

A vulnerability in the CP Plus CP-VNR-3104 model, specifically in the B3223P22C02424 version, arises from improper management and storage of certificates. This flaw enables attackers to decrypt communications or conduct man-in-the-middle attacks, intercepting and potentially altering the communication between two parties.

2.8
Jan 10, 2025

CP Plus CP-VNR-3104 Diffie-Hellman Parameter Exposure Vulnerability

A vulnerability in the CP Plus CP-VNR-3104 model allows attackers to access the Diffie-Hellman (DH) parameters, potentially leading to the exposure of sensitive data or the execution of a man-in-the-middle attack. This issue arises from the device's handling of DH parameters, which can be exploited to intercept or manipulate communications.

6.7