CyberSecurityBoard
Sponsor Register Login

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

Publication date: Mon, 08 Aug 2022 19:15:00 +0000


Cyber News related to CVE-2022-1323

CVE-2022-48978 - In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with ...
2 months ago Tenable.com
CVE-2022-1323 - The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST ...
1 year ago
CVE-2007-1323 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2893. Reason: this candidate was intended for one issue, but some sources used this identifier for a separate issue, and a duplicate identifier had also been created by the time ...
55 years ago Tenable.com
CVE-2019-1323 - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from ...
4 years ago
CVE-2019-1336 - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from ...
4 years ago
CVE-2018-11759 - The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs ...
5 years ago
CVE-2001-1323 - Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file ...
3 years ago
CVE-2003-1323 - Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors. ...
16 years ago
CVE-2011-1323 - Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service ...
13 years ago
CVE-2016-1323 - The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. ...
8 years ago
CVE-1999-1323 - Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword ...
8 years ago
CVE-2014-1323 - WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other ...
8 years ago
CVE-2004-1323 - Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. ...
7 years ago
CVE-2005-1323 - Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. ...
7 years ago
CVE-2015-1323 - The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as ...
7 years ago
CVE-2009-1323 - SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2008-1323 - Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. ...
6 years ago
CVE-2013-1323 - Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability." ...
1 year ago
CVE-2006-1323 - Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences. ...
6 years ago
CVE-2002-1323 - Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. ...
6 years ago
CVE-2018-1323 - The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by ...
5 years ago
CVE-2010-1323 - MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key ...
4 years ago
CVE-2020-1323 - An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open ...
4 years ago
CVE-2023-1323 - The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...
1 year ago
CVE-2024-1323 - The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on ...
10 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)