βΌ CVE-2023-1322 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1320 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0746 βΌ
π Read
via "National Vulnerability Database".
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1317 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1319 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1315 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1316 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1321 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1318 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-27164 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.π Read
via "National Vulnerability Database".
π₯1
β SHEIN shopping app goes rogue, grabs price and URL data from your clipboard β
π Read
via "Naked Security".
It's not exactly data theft, but it's worrying close to "unintentional treachery" - apparently because it's great for marketing purposesπ Read
via "Naked Security".
Naked Security
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
Itβs not exactly data theft, but itβs worryingly close to βunintentional treacheryβ β apparently because itβs great for marketing purposes
π΄ Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping π΄
π Read
via "Dark Reading".
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.π Read
via "Dark Reading".
Dark Reading
Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.
βΌ CVE-2023-27852 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27850 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27853 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26075 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27851 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1205 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1328 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1334 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1343 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".