🚨 CVE-2023-40932
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
🎖@cveNotify
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
🎖@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
🚨 CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
🎖@cveNotify
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
🎖@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
🚨 CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
🎖@cveNotify
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-38887
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
🎖@cveNotify
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
🎖@cveNotify
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-43141
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
🎖@cveNotify
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
🎖@cveNotify
🚨 CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
🎖@cveNotify
GitHub
GitHub - b0marek/CVE-2023-42426: Repository for CVE-2023-42426 vulnerability.
Repository for CVE-2023-42426 vulnerability. . Contribute to b0marek/CVE-2023-42426 development by creating an account on GitHub.
🚨 CVE-2023-43278
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
🎖@cveNotify
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
🎖@cveNotify
🚨 CVE-2023-43232
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
🎖@cveNotify
🚨 CVE-2023-43234
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
🎖@cveNotify
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
🎖@cveNotify
GitHub
yux1azhengye - Overview
A cybersecurity researcher.
Focusing on penetration testing and threat information operations. - yux1azhengye
Focusing on penetration testing and threat information operations. - yux1azhengye
🚨 CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
🎖@cveNotify
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
🎖@cveNotify
🚨 CVE-2023-41445
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Gist
CVE-2023-41445
CVE-2023-41445. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41448
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41448
CVE-2023-41448. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41449
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41449
CVE-2023-41449. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41451
CVE-2023-41451. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41452
CVE-2023-41452. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41453
CVE-2023-41453. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41446
CVE-2023-41446. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41447
CVE-2023-41447. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41450
CVE-2023-41450. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify