π¨ CVE-2023-3306
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2023-3307
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2023-3308
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.
π@cveNotify
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.
π@cveNotify
π¨ CVE-2023-3310
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.
π@cveNotify
π¨ CVE-2023-3309
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.
π@cveNotify
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.
π@cveNotify
Vuldb
CVE-2023-3309 SourceCodester Resort Reservation System Manage Room page cross site scripting
A vulnerability was found in SourceCodester Resort Reservation System 1.0. It has been declared as problematic. This vulnerability is cataloged as CVE-2023-3309. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
π¨ CVE-2023-3311
A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.
π@cveNotify
A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.
π@cveNotify
π¨ CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
π@cveNotify
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
π@cveNotify
GitHub
Unintended leak of Proxy-Authorization header
### Impact
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This...
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This...
π¨ CVE-2023-35823
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
π@cveNotify
π¨ CVE-2023-35829
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
π@cveNotify
π¨ CVE-2023-35828
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
π@cveNotify
π¨ CVE-2023-35827
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
π@cveNotify
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
π@cveNotify
www.spinics.net
[PATCH net] net: ravb: Fix possible UAF bug in ravb_remove β Netdev
[PATCH net] net: ravb: Fix possible UAF bug in ravb_remove β Linux Network Development
π¨ CVE-2023-35826
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
π@cveNotify
π¨ CVE-2023-35825
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
π@cveNotify
π¨ CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
GitHub
panorama: fix folder validation Β· sni/Thruk@cf03f67
make sure picture upload targets a folder below user content folder.
- CVE-2023-34096
- CVE-2023-34096
π¨ CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
GitHub
[VD:LocalFileSystem] Security fixes, directory traversal vulnerability Β· Studio-42/elFinder@bb9aaa7
fixes
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
π¨ CVE-2023-35844
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
GitHub
Comparing 0.510.2...0.510.3 Β· lightdash/lightdash
Open source BI for teams that move fast β‘οΈ. Contribute to lightdash/lightdash development by creating an account on GitHub.
π¨ CVE-2023-35849
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
GitHub
More checks for correct header sizes Β· virtualsquare/picotcp@4b9a167
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35848
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
GitHub
Various fixes on size calculation by danielinux Β· Pull Request #15 Β· virtualsquare/picotcp
TCP: Fixed MSS size calculation, set lower MSS bound
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
π¨ CVE-2023-35847
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
GitHub
TCP: Fixed MSS size calculation. Set MSS lower bound. Β· virtualsquare/picotcp@eaf1660
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35846
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
GitHub
[ipfilter] Check transport layer length in frame before filtering ports Β· virtualsquare/picotcp@d561990
Reported-by: "P. Amsuo, Purdue University"