🚨 CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
🎖@cveNotify
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
🎖@cveNotify
GitHub
CVEs/CVE-2023-47323 at master · RhinoSecurityLabs/CVEs
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs - RhinoSecurityLabs/CVEs
🚨 CVE-2023-47324
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
🎖@cveNotify
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
🎖@cveNotify
GitHub
CVEs/CVE-2023-47324 at master · RhinoSecurityLabs/CVEs
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs - RhinoSecurityLabs/CVEs
🚨 CVE-2023-47325
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
🎖@cveNotify
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
🎖@cveNotify
GitHub
CVEs/CVE-2023-47325 at master · RhinoSecurityLabs/CVEs
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs - RhinoSecurityLabs/CVEs
🚨 CVE-2023-47326
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
🎖@cveNotify
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
🎖@cveNotify
GitHub
CVEs/CVE-2023-47326 at master · RhinoSecurityLabs/CVEs
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs - RhinoSecurityLabs/CVEs
🚨 CVE-2023-47327
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
🎖@cveNotify
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
🎖@cveNotify
GitHub
CVEs/CVE-2023-47327 at master · RhinoSecurityLabs/CVEs
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs - RhinoSecurityLabs/CVEs
🚨 CVE-2023-50983
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
🎖@cveNotify
🚨 CVE-2023-50984
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
🎖@cveNotify
🚨 CVE-2023-50985
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
🎖@cveNotify
🚨 CVE-2023-50986
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
🎖@cveNotify
🚨 CVE-2023-50987
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
🎖@cveNotify
🚨 CVE-2023-50988
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
🎖@cveNotify
🚨 CVE-2023-50989
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
🎖@cveNotify
🚨 CVE-2023-50990
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
🎖@cveNotify
🚨 CVE-2023-50992
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
🎖@cveNotify
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
🎖@cveNotify
🚨 CVE-2023-46987
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
🎖@cveNotify
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
🎖@cveNotify
Seacms
海洋CMS - 开源免费PHP影视系统,影视CMS,视频CMS,电影CMS,SEACMS
海洋cms是为解决站长核心需求而设计的内容管理系统,一套程序自适应电脑、手机、平板、APP多个终端入口,无任何加密代码、安全有保障,是您最佳的建站工具
🚨 CVE-2023-50470
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
🚨 CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
🎖@cveNotify
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
🎖@cveNotify
palm-jump-676 on Notion
X6000R-sub_4119A0 | Notion
version:
🚨 CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
🎖@cveNotify
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
🎖@cveNotify
GitHub
CVEs/CVE-2023-37608 at main · CQURE/CVEs
Contribute to CQURE/CVEs development by creating an account on GitHub.
🚨 CVE-2023-37607
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
🎖@cveNotify
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
🎖@cveNotify
GitHub
CVEs/CVE-2023-37607/README.md at main · CQURE/CVEs
Contribute to CQURE/CVEs development by creating an account on GitHub.
🚨 CVE-2023-45559
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
🎖@cveNotify
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
🎖@cveNotify