βΌ CVE-2023-3801 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25836 βΌ
π Read
via "National Vulnerability Database".
There is a Cross-site Scripting vulnerabilityΓ in Esri Portal Sites in versions 10.8.1 Γ’β¬β 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. Γ The privileges required to execute this attack are low.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25837 βΌ
π Read
via "National Vulnerability Database".
There is a Cross-site Scripting vulnerabilityΓ in Esri Portal Sites in versions 10.8.1 Γ’β¬β 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. Γ The privileges required to execute this attack are high.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32624 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32625 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25835 βΌ
π Read
via "National Vulnerability Database".
There is a Cross-site Scripting vulnerabilityΓ in Esri Portal Sites in versions 10.8.1 Γ’β¬β 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. Γ The privileges required to execute this attack are high.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32478 βΌ
π Read
via "National Vulnerability Database".
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-28730 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37292 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35086 βΌ
π Read
via "National Vulnerability Database".
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3815 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28729 βΌ
π Read
via "National Vulnerability Database".
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3811 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235079.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35087 βΌ
π Read
via "National Vulnerability Database".
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28728 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.π Read
via "National Vulnerability Database".
π’ First known open-source software attacks on banking sector could kickstart long-running trend π’
π Read
via "ITPro".
Researchers at Checkmarx predict a βsteady escalationβ in targeted attacks π Read
via "ITPro".
ITPro
First known open-source software attacks on banking sector could kickstart long-running trend
Researchers at Checkmarx predict a βsteady escalationβ in targeted attacks
π¦Ώ How to Access Your iPhone if You Forget Your Passcode π¦Ώ
π Read
via "Tech Republic".
There are ways to unlock your iPhone even without the right passcode, but you'll need a PC with iTunes or a Mac with Finder.π Read
via "Tech Republic".
TechRepublic
How to Access Your iPhone if You Forget Your Passcode
Learn how to regain control of your device and how to access your iPhone if you forgot the passcode using this comprehensive guide.
βΌ CVE-2023-3484 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3821 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38646 βΌ
π Read
via "National Vulnerability Database".
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3819 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".