๐จ CVE-2023-35843
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
๐@cveNotify
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
๐@cveNotify
dw1โs Advisory
CVE-2023-35843: Arbitrary File Read in NocoDB
The NocoDB application version <= 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulatingโฆ
๐จ CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
๐@cveNotify
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
๐@cveNotify
Jenkins Security Advisory 2023-06-14
Jenkins โ an open source automation server which enables developers around the world to reliably build, test, and deploy their software
๐จ CVE-2023-32659
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
๐@cveNotify
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
๐@cveNotify
๐จ CVE-2023-29158
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
๐@cveNotify
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
๐@cveNotify
๐จ CVE-2023-3217
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
๐จ CVE-2023-3216
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
๐จ CVE-2023-3215
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
๐จ CVE-2023-3214
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
๐@cveNotify
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
๐@cveNotify
๐จ CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
๐@cveNotify
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
๐@cveNotify
Wordfence
WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting โ Wordfence Intelligence
๐จ CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
๐@cveNotify
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
๐@cveNotify
๐จ CVE-2023-3337
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.
๐@cveNotify
Vuldb
CVE-2023-3337 PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. This vulnerability is known as CVE-2023-3337.
๐จ CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
๐@cveNotify
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
๐@cveNotify
Manageengine
ManageEngine: ITOps, cybersecurity & service management software
ManageEngine powers businesses like yours to take control of your IT with enterprise-grade solutions built from the ground up.
๐จ CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
๐@cveNotify
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
๐@cveNotify
๐1
๐จ CVE-2023-34597
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
๐@cveNotify
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
๐@cveNotify
fibaro.com
FIBARO | Motion Sensor - Motion detector
Motion sensor, light sensor and temperature sensor, all in one to improve home automation performance. With this motion detector you will experience much more. Pick your HomeKit or Z-wave sensor and manage home automation with this smart device.
๐จ CVE-2023-34596
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
๐@cveNotify
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
๐@cveNotify
GitHub
IoT-CVE/Aeotec WallMote Switch Vulnerability Report.pdf at main ยท iot-sec23/IoT-CVE
This repo includes the CVEs that discovered by our research group. - iot-sec23/IoT-CVE
๐จ CVE-2020-21489
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
๐@cveNotify
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
๐@cveNotify
GitHub
Feehicms-2.0.8 can be attacked directly to getshell via the avatar uploads ยท Issue #46 ยท liufee/cms
There is an arbitrary file upload vulnerability in the background avatar upload. The CMS only verified the suffix of the file in the front end by js, and we found that we could upload the PHP scrip...
๐จ CVE-2020-21486
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
๐@cveNotify
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
๐@cveNotify
GitHub
PHPOK5.4 has sensitive information disclosure and sql injection ยท Issue #8 ยท qinggan/phpok
in framework/phpok_call.php, the function _userlist has a sql injection in some reasons, we can controll the value of variable $rs, so we can splice evil sql query you can see, it also include sens...
๐จ CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
๐@cveNotify
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
๐@cveNotify
GitHub
Alluxio v1.8.1 reflected xss vulnerability ยท Issue #10552 ยท Alluxio/alluxio
A reflected XSS vulnerability was found in Allusio V1.8.1. An attacker can inject arbitrary web script or HTML through the "path" parameter in the Browse board, causing a reflected XSS at...
๐จ CVE-2020-21474
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
๐@cveNotify
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
๐@cveNotify
๐จ CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
๐@cveNotify
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
๐@cveNotify
GitHub
i found admin/admin_save.php in PHPMyWind 5.6 has sql injection. ยท Issue #11 ยท gaozhifeng/PHPMyWind
i found a sql injection vulnerability in the backend management system of PHPMyWind 5.6 The relevant source code is as follows: //ไฟฎๆน็ฎก็ๅ else if($action == 'update') { //ๅๅงไบบ่ดฆๅทไธๅ
่ฎธๆดๆน็ถๆ if($id ...