AttackerKB bot (Unofficial)
New assessment for topic: CVE-2023-5360

Topic description: "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. ..."

"The Royal Elementor Addons and Templates WordPress plugin provides themes and templates to make your WordPress site aesthetically pleasing with little effort ..."

Link: https://www.attackerkb.com/assessments/015f8589-827f-46b7-939a-172aa1aa9d56
New assessment for topic: CVE-2023-49103

Topic description: "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1 ..."

"Some installations of ownCloud may contain a vulnerable [`graphapi`](https://marketplace.owncloud.com/apps/graphapi) application which exposes a PHP endpoint `/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` that allows the output of the `phpinfo()` function to be displayed to an attacker ..."

Link: https://www.attackerkb.com/assessments/a2b1b41a-0a26-4226-a53b-ae72e6c65107
New assessment for topic: CVE-2021-33331

Topic description: "Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter. ..."

"Additional information added by the discoverer at https://liferay.atlassian.net/browse/LPE-17022 ..."

Link: https://www.attackerkb.com/assessments/0bd369f7-33a1-4b2f-8c37-b162c7bcf31d
New assessment for topic: CVE-2021-33326

Topic description: "Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window. ..."

"Additional information by the reporter at https://liferay.atlassian.net/browse/LPE-17093 ..."

Link: https://www.attackerkb.com/assessments/699ff2d8-b041-401c-bdf0-aa108243efce
New assessment for topic: CVE-2023-6209

Topic description: "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host ..."

"Simple to resolve. Upgrade Ubuntu:23.10 thunderbird to version 1:115.5.0+build1-0ubuntu0.23.10.1 or higher. ..."

Link: https://www.attackerkb.com/assessments/0754ed85-ec72-4fa6-8359-af754b527822