๐จ CVE-2023-39809
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.
๐@cveNotify
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.
๐@cveNotify
GitHub
maride - Overview
maride has 14 repositories available. Follow their code on GitHub.
๐จ CVE-2020-28715
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
๐@cveNotify
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
๐@cveNotify
๐จ CVE-2023-38899
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.
๐@cveNotify
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.
๐@cveNotify
GitHub
GitHub - berkaygediz/O_Blog: Social Article Network.
Social Article Network. Contribute to berkaygediz/O_Blog development by creating an account on GitHub.
๐จ CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
๐@cveNotify
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
๐@cveNotify
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
๐@cveNotify
๐จ CVE-2020-27418
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.
๐@cveNotify
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.
๐@cveNotify
๐จ CVE-2023-39810
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
๐@cveNotify
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
๐@cveNotify
Pentagrid AG
Busybox cpio directory traversal vulnerability (CVE-2023-39810)
CVE-2023-39810 is a directory traversal vulnerability in Busybox cpio discovered by Pentagrid during a penetration test.
๐จ CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
๐@cveNotify
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
๐@cveNotify
Show Up Show Out Security
SqlSpark: SQL Injection in TripSpark VEO Transport: CVE-2021-3262
Written By: Sedric Louissaint
๐จ CVE-2023-36088
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
๐@cveNotify
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
๐@cveNotify
GitHub
GitHub - vesoft-inc/nebula-studio: NebulaGraph Web GUI Tools
NebulaGraph Web GUI Tools. Contribute to vesoft-inc/nebula-studio development by creating an account on GitHub.
๐จ CVE-2023-36361
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
๐@cveNotify
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
๐@cveNotify
Gist
gist:40b3b6f6729d1d0984d6ce5b6837c46b
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2023-41009
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
๐@cveNotify
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
๐@cveNotify
GitHub
HillstoneCVEs/CVE-2023-41009/CVE-2023-41009.md at main ยท Rabb1tQ/HillstoneCVEs
Some obtained CVE numbers have been forgotten. Now create a new repository to store the new CVE number obtained in Hillstone - Rabb1tQ/HillstoneCVEs
๐จ CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
๐@cveNotify
Cyderes
Cybersecurity Services for Modern Enterprises | Cyderes
Cyderes is a managed security services partner with an identity-first approach uniting MDR, exposure management, and IAM, keeping you Everyday Ready.
๐จ CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
๐@cveNotify
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
๐@cveNotify
Nagarro
MoFi CVE-2021-27715 Security Advisory| Cyber Security | Nagarro
An issue discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP requests.
๐จ CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
๐@cveNotify
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
๐@cveNotify
๐จ CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
๐@cveNotify
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
๐@cveNotify
Medium
CVE-2023โ41013
Introduction
๐จ CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
๐@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
๐@cveNotify
GitHub
Webmin-2.100/CVE-2023-40984 at main ยท Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
๐จ CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
๐@cveNotify
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
๐@cveNotify
GitHub
Webmin-2.100/CVE-2023-40985 at main ยท Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
๐จ CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
๐@cveNotify
GitHub
Webmin-2.100/CVE-2023-40986 at main ยท Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
๐จ CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
๐@cveNotify
GitHub
Webmin-2.100/CVE-2023-40982 at main ยท Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
๐จ CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
๐@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
๐@cveNotify
GitHub
Webmin-2.100/CVE-2023-40983 at main ยท Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
๐จ CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
๐@cveNotify
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
๐@cveNotify