‼ CVE-2023-45332 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-29047 ‼
via "National Vulnerability Database".
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible to the imageconverter SQL user account. No publicly available exploits are known.
‼ CVE-2023-45334 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45340 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45337 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-26455 ‼
via "National Vulnerability Database".
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
‼ CVE-2023-45328 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45326 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45329 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45323 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-45344 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-46725 ‼
via "National Vulnerability Database".
FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time-of-check to time-of-use issue. For example, by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request and then a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.
‼ CVE-2023-45331 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-29045 ‼
via "National Vulnerability Database".
Document operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known.
‼ CVE-2023-45333 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
🕴 Saudi Aramco CEO Warns of New Threat of Generative AI 🕴
via "Dark Reading".
Oil executive Amin H. Nasser calls for global cooperation and international standards to combat the dark side of artificial intelligence.
‼ CVE-2023-46925 ‼
via "National Vulnerability Database".
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
‼ CVE-2023-38473 ‼
via "National Vulnerability Database".
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
‼ CVE-2022-4900 ‼
via "National Vulnerability Database".
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
‼ CVE-2023-4217 ‼
via "National Vulnerability Database".
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
‼ CVE-2023-5035 ‼
via "National Vulnerability Database".
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.