
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

19 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in the ORION Woocommerce Products Designer plugin, versions <= 4.3.3. The Woocommerce Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request, provided they can trick a site administrator into performing an action such as clickin... • https://patchstack.com/database/vulnerability/woocommerce-products-designer/wordpress-woocommerce-products-designer-by-orion-online-product-customizer-for-t-shirts-print-cards-phone-cases-lettering-decals-plugin-4-3-3-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Aug 2019 — An issue was discovered in the orion crate before 0.11.2 for Rust. Calls to reset() cause incorrect results. • https://github.com/brycx/orion/issues/46 • CWE-682: Incorrect Calculation

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Dec 2015 — Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) "order" or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. • http://www.securityfocus.com/archive/1/537130/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

11 Jan 2010 — Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. • https://www.exploit-db.com/exploits/33503 • CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 66% | CPEs: 6 | EXPL: 0

29 May 2008 — Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors. • http://secunia.com/advisories/30395 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 | EPSS: 4% | CPEs: 1 | EXPL: 1

16 Mar 2007 — admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp. • https://www.exploit-db.com/exploits/3481