‼ CVE-2023-34644 ‼
📖 Read
via "National Vulnerability Database".
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows remote attackers to gain escalated privileges via crafted POST request to /cgi-bin/luci/api/auth.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38303 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36091 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34872 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34842 ‼
📖 Read
via "National Vulnerability Database".
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31680 ‼
📖 Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38304 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36089 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31651 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34635 ‼
📖 Read
via "National Vulnerability Database".
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38310 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38306 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38311 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38308 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36090 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21881 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38305 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38307 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35792 ‼
📖 Read
via "National Vulnerability Database".
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).📖 Read
via "National Vulnerability Database".
âš SEC demands four-day disclosure limit for cybersecurity breaches âš
📖 Read
via "Naked Security".
When is a ransomware attack a reportable matter? And how long have you got to decide?📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🛠RansomLord Anti-Ransomware Exploit Tool 1.0 ðŸ›
📖 Read
via "Packet Storm Security".
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware.📖 Read
via "Packet Storm Security".
Packetstormsecurity
RansomLord Anti-Ransomware ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🔥1