βΌ CVE-2023-36844 βΌ
π Read
via "National Vulnerability Database".
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.Utilizing a crafted request an attacker is able to modify certain PHP environments variablesΓ leading to partial loss of integrity,Γ which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39971 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40168 βΌ
π Read
via "National Vulnerability Database".
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39974 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31944 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31945 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31946 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36846 βΌ
π Read
via "National Vulnerability Database".
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certainΓ part of theΓ file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40315 βΌ
π Read
via "National Vulnerability Database".
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role.Γ The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.π Read
via "National Vulnerability Database".
π1
π΄ Confusion Surrounds SEC's New Cybersecurity Material Rule π΄
π Read
via "Dark Reading".
Determining what to report, and what details to disclose, is a complex question with elusive answers.π Read
via "Dark Reading".
Dark Reading
Confusion Surrounds SEC's New Cybersecurity Material Rule
Determining what to report and which details to disclose are complex questions with elusive answers.
βΌ CVE-2023-30875 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <=Γ 1.2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4040 βΌ
π Read
via "National Vulnerability Database".
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-39455 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40072 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39416 βΌ
π Read
via "National Vulnerability Database".
Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39944 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40069 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-38132 βΌ
π Read
via "National Vulnerability Database".
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-32626 βΌ
π Read
via "National Vulnerability Database".
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39415 βΌ
π Read
via "National Vulnerability Database".
Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39454 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code.π Read
via "National Vulnerability Database".