‼ CVE-2023-1739 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1740 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224628.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1736 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1737 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-224625 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1735 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-224623.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27535 ‼
📖 Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26692 ‼
📖 Read
via "National Vulnerability Database".
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25587 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1670 ‼
📖 Read
via "National Vulnerability Database".
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1746 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1743 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. This affects an unknown part of the file index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224631.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1741 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1744 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1745 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1742 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?r=report/api/getlist of the component Report Search. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224630 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28755 ‼
📖 Read
via "National Vulnerability Database".
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1747 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1753 ‼
📖 Read
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1761 ‼
📖 Read
via "National Vulnerability Database".
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1754 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1759 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.📖 Read
via "National Vulnerability Database".