Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2023
A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.006
Published
2023-01-18
A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492.
CVSS Score
5.5
EPSS Score
0.006
Published
2023-01-18
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.006
Published
2023-01-18
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-01-18
Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-01-18
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-01-18
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
CVSS Score
7.5
EPSS Score
0.15
Published
2023-01-18
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-01-18
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.
CVSS Score
6.8
EPSS Score
0.023
Published
2023-01-18
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
CVSS Score
7.5
EPSS Score
0.024
Published
2023-01-18


Contact Us

Shodan ® - All rights reserved