βΌ CVE-2022-47483 βΌ
π Read
via "National Vulnerability Database".
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1173 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47472 βΌ
π Read
via "National Vulnerability Database".
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40537 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25146 βΌ
π Read
via "National Vulnerability Database".
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27577 βΌ
π Read
via "National Vulnerability Database".
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27904 βΌ
π Read
via "National Vulnerability Database".
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27903 βΌ
π Read
via "National Vulnerability Database".
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47456 βΌ
π Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24999 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault and Vault EnterpriseΓ’β¬β’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1351 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-1354 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1353 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1352 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10021 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1355 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1360 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1357 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1358 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-1359 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2016-15028 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.π Read
via "National Vulnerability Database".