CyberSecurityBoard
Sponsor Register Login

CVE-2023-1952

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?pproducts of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.

Publication date: Sat, 08 Apr 2023 14:15:00 +0000


Cyber News related to CVE-2023-1952

CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges - Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently ...
1 year ago Blog.talosintelligence.com
CVE-2023-1952 - A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?pproducts of the component Product Search. The manipulation of the argument search leads ...
1 year ago
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com
CVE-2019-1952 - A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This ...
3 years ago
CVE-2021-1952 - Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music ...
3 years ago
CVE-2002-1952 - phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable. ...
16 years ago
CVE-2005-1952 - Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect ...
8 years ago
CVE-2017-5697 - Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via ...
7 years ago
CVE-2004-1952 - SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. ...
7 years ago
CVE-2006-1952 - Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request. According to the vendor, WinAgents TFTP server version ...
7 years ago
CVE-2010-1952 - Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. ...
7 years ago
CVE-2013-1952 - Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of ...
7 years ago
CVE-2008-1952 - The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory. ...
7 years ago
CVE-2009-1952 - Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. ...
7 years ago
CVE-2012-1952 - The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame ...
7 years ago
CVE-2015-1952 - Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. ...
7 years ago
CVE-2011-1952 - common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence. ...
6 years ago
CVE-2007-1952 - Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. ...
6 years ago
CVE-2018-1952 - IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...
5 years ago
CVE-2016-1952 - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...
5 years ago
CVE-2020-1952 - An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely. ...
5 years ago
CVE-2022-1952 - The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)