CVE Notify
19.3K subscribers
4 photos
204K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2023-47320
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

🎖@cveNotify
🚨 CVE-2023-47321
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

🎖@cveNotify
🚨 CVE-2023-47322
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

🎖@cveNotify
🚨 CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.

🎖@cveNotify
🚨 CVE-2023-47325
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.

🎖@cveNotify
🚨 CVE-2023-47327
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.

🎖@cveNotify
🚨 CVE-2023-50983
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.

🎖@cveNotify
🚨 CVE-2023-50984
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.

🎖@cveNotify
🚨 CVE-2023-50985
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.

🎖@cveNotify
🚨 CVE-2023-50986
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.

🎖@cveNotify
🚨 CVE-2023-50987
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.

🎖@cveNotify
🚨 CVE-2023-50988
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.

🎖@cveNotify
🚨 CVE-2023-50989
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.

🎖@cveNotify
🚨 CVE-2023-50990
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.

🎖@cveNotify
🚨 CVE-2023-50992
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

🎖@cveNotify
🚨 CVE-2023-50470
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

🎖@cveNotify
🚨 CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

🎖@cveNotify
🚨 CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.

🎖@cveNotify