Attacker Value
Unknown

CVE-2023-46783

Disclosure Date: November 06, 2023 (last updated November 15, 2023)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
Attacker Value
Unknown

CVE-2023-45239

Disclosure Date: October 06, 2023 (last updated October 13, 2023)
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
Attacker Value
Unknown

CVE-2023-32793

Disclosure Date: August 30, 2023 (last updated October 08, 2023)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
Attacker Value
Unknown

CVE-2023-1671

Disclosure Date: April 04, 2023 (last updated October 08, 2023)
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Attacker Value
Unknown

CVE-2022-37937

Disclosure Date: March 01, 2023 (last updated October 08, 2023)
Pre-auth memory corruption in HPE Serviceguard
Attacker Value
Unknown

CVE-2023-0122

Disclosure Date: January 17, 2023 (last updated October 08, 2023)
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
Attacker Value
Unknown

CVE-2021-32824

Disclosure Date: January 03, 2023 (last updated October 08, 2023)
Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet handler which offers some basic methods to collect information about the providers and methods exposed by the service, and which can even be used to shut down the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize`, which can be used to instantiate arbitrary classes and invoke their setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.
Attacker Value
Unknown

CVE-2022-1361

Disclosure Date: May 12, 2022 (last updated October 07, 2023)
The affected On-Premise cnMaestro is vulnerable to pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users' accounts and devices.
Attacker Value
Unknown

CVE-2021-46384

Disclosure Date: March 04, 2022 (last updated October 07, 2023)
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
Attacker Value
Unknown

CVE-2021-42638

Disclosure Date: February 01, 2022 (last updated October 07, 2023)
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.