CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45641 – WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45641
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Caret Inc. Caret Country Access Limit en versiones <= 1.0.2. The Caret Country Access Limit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/caret-country-access-limit/wordpress-caret-country-access-limit-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28250
https://notcve.org/view.php?id=CVE-2021-28250
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer CA eHealth Performance Manager versiones hasta 6.3.2.12, está afectado por una Escalada de Privilegios por medio de un archivo setuid (y/o setgid). Cuando un componente es ejecutado como argumento del ejecutable runpicEhealth, el código del script se ejecutará como el usuario de ehealth. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles por el mantenedor. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28249
https://notcve.org/view.php?id=CVE-2021-28249
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer CA eHealth Performance Manager versiones hasta 6.3.2.12, está afectado por una Escalada de Privilegios por medio de una Dynamically Linked Shared Object Library. Para explotar la vulnerabilidad, el usuario de ehealth debe crear una biblioteca maliciosa en el RPATH escribible, que se vinculará dinámicamente cuando se ejecuta el ejecutable FtpCollector. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28247
https://notcve.org/view.php?id=CVE-2021-28247
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer CA eHealth Performance Manager versiones hasta 6.3.2.12, está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). El impacto es: Un usuario remoto autenticado puede inyectar un script web o HTML arbitrario debido a un saneamiento inapropiado de los datos proporcionados por el usuario y llevar a cabo un ataque de tipo Cross-Site Scripting Reflejado contra usuarios de la plataforma. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7393
https://notcve.org/view.php?id=CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. Una vulnerabilidad de reparación de IU en la interfaz de usuario administrativa de CA Technologies CA Strong Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 7.1. x y CA Risk Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 3.1. x puede permitir a un atacante remoto obtener información confidencial en algunos casos • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/May/43 http://www.securityfocus.com/bid/108483 https://seclists.org/bugtraq/2019/May/66 https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •