🚨 CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41453
CVE-2023-41453. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41446
CVE-2023-41446. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41447
CVE-2023-41447. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41450
CVE-2023-41450. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
🎖@cveNotify
🚨 CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
🎖@cveNotify
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2022-37830
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
🎖@cveNotify
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
🎖@cveNotify
🚨 CVE-2023-45379
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
🎖@cveNotify
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
🎖@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-45379] Improper neutralization of SQL parameter in Posthemes Rotator Img module for PrestaShop
In the module “Rotator Img” (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
🚨 CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
🎖@cveNotify
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
🎖@cveNotify
GitHub
GitHub - harry935/CVE-2023-45992
Contribute to harry935/CVE-2023-45992 development by creating an account on GitHub.
🚨 CVE-2023-46010
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
🎖@cveNotify
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
🎖@cveNotify
🚨 CVE-2023-42425
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
🎖@cveNotify
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
🎖@cveNotify
Gist
CVE-2023-42425 Details
CVE-2023-42425 Details. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
🎖@cveNotify
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
🎖@cveNotify
Medium
Security Disclosure of Vulnerability : CVE-2023–23336
Disclosure Summary
🚨 CVE-2023-46958
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
🎖@cveNotify
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
🎖@cveNotify
Lmxcms
梦想cms(lmxcms)真免费、开源、无授权限制的网站管理系统
梦想cms(lmxcms)完全免费、开源、无授权限制,您可以使用lmxcms在任何商业或者非商业网站上使用而不必支付任何费用,系统采用主流的mvc架构开发,更加容易进行二次开发,并且内置smarty模板引擎,标签扩展更灵活,并且支持html纯静态生成等功能。
🚨 CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
🎖@cveNotify
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
🎖@cveNotify
Gist
CVE-2023-41425 (WonderCMS Remote Code Execution) - PoC
CVE-2023-41425 (WonderCMS Remote Code Execution) - PoC - CVE-2023-41425.md
🚨 CVE-2023-48056
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
🎖@cveNotify
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
🎖@cveNotify
🚨 CVE-2023-48192
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
🎖@cveNotify
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
🎖@cveNotify
GitHub
GitHub - zxsssd/TotoLink-: cstecgi.cgi的setTracerouteCfg接口存在未授权任意命令执行
cstecgi.cgi的setTracerouteCfg接口存在未授权任意命令执行. Contribute to zxsssd/TotoLink- development by creating an account on GitHub.
🚨 CVE-2023-48105
An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.
🎖@cveNotify
An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.
🎖@cveNotify
GitHub
Heap overflow in wasm_loader_prepare_bytecode · Issue #2726 · bytecodealliance/wasm-micro-runtime
Environments OS : Ubuntu 18.04 5.4.0-150-generic Commit : 52db362 Version : iwasm 1.2.3 Vulnerability Description Affected Tool : iwasm (linux build) Affected Version : = 1.2.3 Impact : Heap out of...
🚨 CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.
🎖@cveNotify
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.
🎖@cveNotify
Fit2Cloud
说明丨关于JumpServer CVE-2023-48193漏洞披露的相关说明
感谢广大用户对JumpServer开源项目的关注和支持。
🚨 CVE-2023-23324
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
🎖@cveNotify
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
🎖@cveNotify
Tinexta Cyber
Il polo italiano della Cyber Security
Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del Gruppo Tinexta. Con un approccio integrato che unisce competenza…
🚨 CVE-2023-23325
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.
🎖@cveNotify
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.
🎖@cveNotify
Tinexta Cyber
Il polo italiano della Cyber Security
Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del Gruppo Tinexta. Con un approccio integrato che unisce competenza…
🚨 CVE-2023-24294
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
🎖@cveNotify
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
🎖@cveNotify
Tinexta Cyber
Il polo italiano della Cyber Security
Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del Gruppo Tinexta. Con un approccio integrato che unisce competenza…