
CVE-2023-28787 – WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-28787
16 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4. The Quiz and Survey Master plugin for WordPress is vulnerable to SQL Injection via ... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-29649
https://notcve.org/view.php?id=CVE-2022-29649
15 Sep 2022 — Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. • http://qsmart.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-31186 – Leakage of excessive information into log in next-auth
https://notcve.org/view.php?id=CVE-2022-31186
01 Aug 2022 — NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3... • https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2019-1010287
https://notcve.org/view.php?id=CVE-2019-1010287
17 Jul 2019 — Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious URL. • https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-2265
https://notcve.org/view.php?id=CVE-2017-2265
14 Jul 2017 — Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •

CVE-2017-2266
https://notcve.org/view.php?id=CVE-2017-2266
14 Jul 2017 — Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •

CVE-2017-2267
https://notcve.org/view.php?id=CVE-2017-2267
14 Jul 2017 — Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •

CVE-2017-2268
https://notcve.org/view.php?id=CVE-2017-2268
14 Jul 2017 — Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •

CVE-2017-2269
https://notcve.org/view.php?id=CVE-2017-2269
14 Jul 2017 — Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •

CVE-2017-2270
https://notcve.org/view.php?id=CVE-2017-2270
14 Jul 2017 — Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://resumenext.blog.fc2.com/blog-entry-30.html • CWE-426: Untrusted Search Path •