🚨 CVE-2023-41445
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Gist
CVE-2023-41445
CVE-2023-41445. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41448
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41448
CVE-2023-41448. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41449
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41449
CVE-2023-41449. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41451
CVE-2023-41451. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41452
CVE-2023-41452. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41453
CVE-2023-41453. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41446
CVE-2023-41446. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41447
CVE-2023-41447. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41450
CVE-2023-41450. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify
🚨 CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
🎖@cveNotify
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2022-37830
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
🎖@cveNotify
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
🎖@cveNotify
🚨 CVE-2023-45379
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
🎖@cveNotify
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
🎖@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-45379] Improper neutralization of SQL parameter in Posthemes Rotator Img module for PrestaShop
In the module “Rotator Img” (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
🚨 CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
🎖@cveNotify
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
🎖@cveNotify
GitHub
GitHub - harry935/CVE-2023-45992
Contribute to harry935/CVE-2023-45992 development by creating an account on GitHub.
🚨 CVE-2023-46010
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
🎖@cveNotify
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
🎖@cveNotify
🚨 CVE-2023-42425
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
🎖@cveNotify
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
🎖@cveNotify
Gist
CVE-2023-42425 Details
CVE-2023-42425 Details. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
🎖@cveNotify
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
🎖@cveNotify
Medium
Security Disclosure of Vulnerability : CVE-2023–23336
Disclosure Summary
🚨 CVE-2023-46958
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
🎖@cveNotify
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
🎖@cveNotify
Lmxcms
梦想cms(lmxcms)真免费、开源、无授权限制的网站管理系统
梦想cms(lmxcms)完全免费、开源、无授权限制,您可以使用lmxcms在任何商业或者非商业网站上使用而不必支付任何费用,系统采用主流的mvc架构开发,更加容易进行二次开发,并且内置smarty模板引擎,标签扩展更灵活,并且支持html纯静态生成等功能。
🚨 CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
🎖@cveNotify
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
🎖@cveNotify
Gist
CVE-2023-41425 (WonderCMS Remote Code Execution) - PoC
CVE-2023-41425 (WonderCMS Remote Code Execution) - PoC - CVE-2023-41425.md
🚨 CVE-2023-48056
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
🎖@cveNotify
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
🎖@cveNotify
🚨 CVE-2023-48192
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
🎖@cveNotify
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
🎖@cveNotify
GitHub
GitHub - zxsssd/TotoLink-: cstecgi.cgi的setTracerouteCfg接口存在未授权任意命令执行
cstecgi.cgi的setTracerouteCfg接口存在未授权任意命令执行. Contribute to zxsssd/TotoLink- development by creating an account on GitHub.