๐จ CVE-2023-4324
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
๐@cveNotify
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
๐@cveNotify
๐จ CVE-2023-4323
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
๐@cveNotify
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
๐@cveNotify
๐จ CVE-2023-38865
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
๐@cveNotify
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject5 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38863
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
๐@cveNotify
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject4 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38862
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
๐@cveNotify
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject1 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38861
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
๐@cveNotify
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
๐@cveNotify
GitHub
my_iot_vul/WAVLINK/WL-WN575A3 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38402
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
๐@cveNotify
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
๐@cveNotify
๐จ CVE-2023-38401
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
๐@cveNotify
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
๐@cveNotify
๐จ CVE-2023-4345
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
๐@cveNotify
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
๐@cveNotify
๐จ CVE-2023-38865
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
๐@cveNotify
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject5 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38863
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
๐@cveNotify
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject4 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38862
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
๐@cveNotify
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
๐@cveNotify
GitHub
my_iot_vul/COMFAST/CF-XR11/Command_Inject1 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38861
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
๐@cveNotify
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
๐@cveNotify
GitHub
my_iot_vul/WAVLINK/WL-WN575A3 at main ยท TTY-flag/my_iot_vul
uplpad WL-WN575A3. Contribute to TTY-flag/my_iot_vul development by creating an account on GitHub.
๐จ CVE-2023-38402
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
๐@cveNotify
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
๐@cveNotify
๐จ CVE-2023-38401
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
๐@cveNotify
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
๐@cveNotify
๐จ CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
๐@cveNotify
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
๐@cveNotify
๐จ CVE-2023-4282
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
๐@cveNotify
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
๐@cveNotify
๐จ CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
๐@cveNotify
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
๐@cveNotify
๐จ CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
๐@cveNotify
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
๐@cveNotify
๐จ CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
๐@cveNotify
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
๐@cveNotify
GitHub
vulnerability-report/webchess_CVE-2023-39851 at main ยท KLSEHB/vulnerability-report
Contribute to KLSEHB/vulnerability-report development by creating an account on GitHub.
๐จ CVE-2023-39850
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
๐@cveNotify
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
๐@cveNotify
GitHub
vulnerability-report/Schoolmate_CVE-2023-39850 at main ยท KLSEHB/vulnerability-report
Contribute to KLSEHB/vulnerability-report development by creating an account on GitHub.