๐จ CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
๐@cveNotify
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
๐@cveNotify
palm-jump-676 on Notion
X6000R-sub_4119A0 | Notion
version:
๐จ CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
๐@cveNotify
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
๐@cveNotify
GitHub
CVEs/CVE-2023-37608 at main ยท CQURE/CVEs
Contribute to CQURE/CVEs development by creating an account on GitHub.
๐จ CVE-2023-37607
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
๐@cveNotify
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
๐@cveNotify
GitHub
CVEs/CVE-2023-37607/README.md at main ยท CQURE/CVEs
Contribute to CQURE/CVEs development by creating an account on GitHub.
๐จ CVE-2023-45559
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
๐@cveNotify
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
๐@cveNotify
๐จ CVE-2023-50643
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
๐@cveNotify
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
๐@cveNotify
GitHub
GitHub - giovannipajeu1/CVE-2023-50643: CVE-2023-50643
CVE-2023-50643. Contribute to giovannipajeu1/CVE-2023-50643 development by creating an account on GitHub.
๐จ CVE-2023-26998
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
๐@cveNotify
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
๐@cveNotify
๐จ CVE-2023-26999
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
๐@cveNotify
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
๐@cveNotify
๐จ CVE-2023-27000
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
๐@cveNotify
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
๐@cveNotify
๐จ CVE-2023-27098
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
๐@cveNotify
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
๐@cveNotify
GitHub
CVEs/CVE-2023-27098 at main ยท c0d3x27/CVEs
This a collection of proof-of-concept exploits for various Common Vulnerabilities and Exposures (CVEs) that I have personally discovered. Whether you are passionate about cybersecurity, dedicated t...
๐จ CVE-2022-28975
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
๐@cveNotify
Piotr Ryciak
Second Order Stored Server-Side XSS in Infoblox Grid Manager (CVE-2022-28975) | Piotr Ryciak's blog
Piotr Ryciak's personal blog, related to cybersecurity
๐จ CVE-2023-50128
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
๐@cveNotify
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
๐@cveNotify
English
Security concerns in popular smart home devices
Smart home devices are becoming more popular, Bureau Veritas Cybersecurity has tested many of these devices. This article describes several of the vulnerabilities our experts found in the two popular smart home devices.
๐จ CVE-2023-46474
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
๐@cveNotify
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
๐@cveNotify
GitHub
GitHub - Xn2/CVE-2023-46474: Technical details for CVE-2023-46474
Technical details for CVE-2023-46474. Contribute to Xn2/CVE-2023-46474 development by creating an account on GitHub.
๐จ CVE-2023-51810
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
๐@cveNotify
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
๐@cveNotify
GitHub
GitHub - Pastea/CVE-2023-51810
Contribute to Pastea/CVE-2023-51810 development by creating an account on GitHub.
๐จ CVE-2023-46952
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.
๐@cveNotify
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.
๐@cveNotify
GitHub
GitHub - SadFox/ABO.CMS-Blind-XSS: ABO.CMS Blind XSS
ABO.CMS Blind XSS. Contribute to SadFox/ABO.CMS-Blind-XSS development by creating an account on GitHub.
๐จ CVE-2023-51946
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.
๐@cveNotify
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.
๐@cveNotify
GitHub
CVEs/CVE-2023-51946/README.md at main ยท saw-your-packet/CVEs
Repo with found CVEs. Contribute to saw-your-packet/CVEs development by creating an account on GitHub.
๐จ CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
๐@cveNotify
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
๐@cveNotify
GitHub
CVEs/CVE-2023-51947/README.md at main ยท saw-your-packet/CVEs
Repo with found CVEs. Contribute to saw-your-packet/CVEs development by creating an account on GitHub.
๐จ CVE-2023-51892
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
๐@cveNotify
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
๐@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about/51892.txt at main ยท cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
๐จ CVE-2023-51926
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.
๐@cveNotify
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.
๐@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about/51926.txt at main ยท cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
๐จ CVE-2023-51927
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.
๐@cveNotify
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.
๐@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about/51927.txt at main ยท cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
๐จ CVE-2023-51928
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about/51928.txt at main ยท cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.