
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute-forced.

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to 2.0.5 (exclusive) via the upvf_pro_preview_file function due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to gain access to files and folders belonging to other users.

• https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc
• https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6
• CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

• https://helpx.adobe.com/security/products/bridge/apsb23-49.html
• CWE-416: Use After Free

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429
• CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
• CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433
• CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')