🚨 CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
🚨 CVE-2023-32538
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32273
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32201
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-30759
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
🎖@cveNotify
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
🎖@cveNotify
Ricoh
Vulnerability Information | Global | Ricoh
[Ricoh Global Official Website]
🚨 CVE-2023-32542
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32288
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-31239
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
🎖@cveNotify
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
🎖@cveNotify
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
🎖@cveNotify
🚨 CVE-2023-32276
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.
🎖@cveNotify
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.
🎖@cveNotify
GitHub
Insecure Two-Factor-Authentication settings modification · Issue #9391 · keepassxreboot/keepassxc
Overview Having set up a YubiKey for my Two-Factor-Authentication i noticed that a confirmation through the set up second-factor is not required when making changes to security-settings within that...
🚨 CVE-2023-34603
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
GitHub
org.jeecg.modules.api.controller.SystemApiController.queryFilterTableDictInfo方法导致SQL注入 · Issue #4984 · jeecgboot/JeecgBoot
版本号: 3.5.1以及之前的所有版本 前端版本:vue3版?还是 vue2版? vue3版 问题描述: 与问题#4983 类似,访问org.jeecg.modules.api.controller.SystemApiController类中的queryFilterTableDictInfo方法会触发SQL注入,根据需求获取数据库中的关键信息。主要原因还是绕过SQL注入检测方法后,Mybat...
🚨 CVE-2023-34602
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
GitHub
SQL Injection in 3.5.1 · Issue #4983 · jeecgboot/JeecgBoot
版本号: 3.5.1以及之前的所有版本 前端版本:vue3版?还是 vue2版? vue3版 问题描述: 代码中存在SQL注入风险。尽管代码中添加SQL注入的过滤功能,但我们测试发现访问org.jeecg.modules.api.controller.SystemApiController类中的queryTableDictItemsByCode方法还是能通过特殊的字符串获取数据表中我们想要的...
🚨 CVE-2023-3309
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.
🎖@cveNotify
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.
🎖@cveNotify
Vuldb
CVE-2023-3309 SourceCodester Resort Reservation System Manage Room page cross site scripting
A vulnerability was found in SourceCodester Resort Reservation System 1.0. It has been declared as problematic. This vulnerability is cataloged as CVE-2023-3309. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
🚨 CVE-2023-3311
A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.
🎖@cveNotify
A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.
🎖@cveNotify
🚨 CVE-2023-35005
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.
This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
🎖@cveNotify
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.
This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
🎖@cveNotify
🚨 CVE-2023-2899
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
🎖@cveNotify
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
🎖@cveNotify
WPScan
Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
See details on Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS CVE 2023-2899. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2812
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
WPScan
Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS
See details on the Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2811
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
🎖@cveNotify
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
🎖@cveNotify
WPScan
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
See details on AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting CVE 2023-2811. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
WPScan
SupportCandy < 3.1.7 - Admin+ SQLi
See details on SupportCandy < 3.1.7 - Admin+ SQLi CVE 2023-2805. View the latest Plugin Vulnerabilities on WPScan.