‼ CVE-2023-43013 ‼
📖 Read
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable to anunauthenticated SQL Injection vulnerability on the'email' parameter of index.php page, allowing anexternal attacker to dump all the contents of thedatabase contents and bypass the login control.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44173 ‼
📖 Read
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable toan authenticated Reflected Cross-Site Scripting vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43226 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41911 ‼
📖 Read
via "National Vulnerability Database".
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4316 ‼
📖 Read
via "National Vulnerability Database".
Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5053 ‼
📖 Read
via "National Vulnerability Database".
Hospital management system version 378c157 allows to bypass authentication.This is possible because the application is vulnerable to SQLI.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43740 ‼
📖 Read
via "National Vulnerability Database".
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]📖 Read
via "National Vulnerability Database".
🕴 Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain 🕴
📖 Read
via "Dark Reading".
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.📖 Read
via "Dark Reading".
Dark Reading
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
‼ CVE-2023-44163 ‼
📖 Read
via "National Vulnerability Database".
The 'search' parameter of the process_search.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44174 ‼
📖 Read
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable toan authenticated Stored Cross-Site Scripting vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43014 ‼
📖 Read
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable toan Authenticated SQL Injection vulnerabilityon the 'first_name' and 'last_name' parametersof user.php page, allowing an authenticatedattacker to dump all the contents of the databasecontents.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44164 ‼
📖 Read
via "National Vulnerability Database".
The 'Email' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43654 ‼
📖 Read
via "National Vulnerability Database".
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43739 ‼
📖 Read
via "National Vulnerability Database".
The 'bookisbn' parameter of the cart.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44168 ‼
📖 Read
via "National Vulnerability Database".
The 'phone' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43662 ‼
📖 Read
via "National Vulnerability Database".
ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44165 ‼
📖 Read
via "National Vulnerability Database".
The 'Password' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44166 ‼
📖 Read
via "National Vulnerability Database".
The 'age' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44167 ‼
📖 Read
via "National Vulnerability Database".
The 'name' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4532 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2233 ‼
📖 Read
via "National Vulnerability Database".
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.📖 Read
via "National Vulnerability Database".
👍1