CVE-2023-6553 – Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
• https://github.com/Chocapikk/CVE-2023-6553 https://github.com/cc3305/CVE-2023-6553 https://github.com/kiddenta/CVE-2023-6553 https://github.com/motikan2010/CVE-2023-6553-PoC http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 https:/&
• CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5058
https://notcve.org/view.php?id=CVE-2023-5058
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. • https://www.kb.cert.org/vuls/id/811862 https://www.phoenix.com/security-notifications https://www.phoenix.com/security-notifications/cve-2023-5058 • CWE-20: Improper Input Validation •
CVE-2023-42826 – Apple macOS Hydra Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42826
Processing a file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213940 •
CVE-2023-43301
https://notcve.org/view.php?id=CVE-2023-43301
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
• https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43301.md
• CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-49852 – WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-49852
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. The Responsive Slick Slider WordPress plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary content.
• https://patchstack.com/database/vulnerability/responsive-slick-slider/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •