🚨 CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-39650] Improper neutralization of SQL parameters in Theme Volty CMS Blog module for PrestaShop
In the module “Theme Volty CMS Blog” (tvcmsblog) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
🚨 CVE-2023-4569
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double deactivation of catchall elements, which results in a memory leak.
🚨 CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php
GitHub
There is a logical flaw that leads to obtaining shell access. · Issue #977 · pagekit/pagekit
Problem There is a logical flaw that leads to obtaining shell access. Technical Details Pagekit version: 1.0.18 Webserver: nginx Database: mysql PHP Version: 7.4 Vulnerability Path: app/installer/s...
🚨 CVE-2023-40998
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
🚨 CVE-2023-40997
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
🚨 CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_code function in the exec.c component.
GitHub
heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code · Issue #1945 · VirusTotal/yara
Describe the bug AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code To Reproduce Steps to reproduce the behavior: 1, compile yara with asan: ./configure CC=gcc CXX=g++ CF...
🚨 CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
GitHub
Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
🚨 CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
GitHub
Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
🚨 CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
GitHub
The method of extracting the zip file has a path traversal vulnerability · Issue #536 · pf4j/pf4j
description Dear project developers, I use SpringBoot and pf4j to implement the system's extension plug-in function, the use of zip or jar package format is very easy to expand the system. When...
🚨 CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
GitHub
The uploaded malicious plug-in is parsed and the command is executed · Issue #15 · perfree/PerfreeBlog
Vulnerability information PerfreeBlog implements the extension plug-in function based on SpringBoot and pf4j. After the plug-in is developed, it is packaged as a jar package, which can be directly ...
🚨 CVE-2023-40781
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.
GitHub
heap-buffer-overflow in r_readc() at fromswf.c:264 · Issue #288 · libming/libming
A heap buffer overflow occurs when makeswf parses an invalid swf file, and the filename extension is .swf. Test Environment Ubuntu 20.04, 64 bit libming (master 04aee52) Steps to reproduce compile li...
🚨 CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
Gist
CVE-2023-39059
CVE-2023-39059. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-34725
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your home's lighting and appliances remotely? Have you ever wanted to turn your home's lights and appliances off and...
🚨 CVE-2023-34724
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your home's lighting and appliances remotely? Have you ever wanted to turn your home's lights and appliances off and...
🚨 CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
GitHub
bgpd: Check the length of the rcv software version by ton31337 · Pull Request #14241 · FRRouting/frr
Make sure we don't exceed the maximum of BGP_MAX_SOFT_VERSION.
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic iggyfran@amazon.com
🚨 CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
GitHub
bgpd: Don't read the first byte of ORF header if we are ahead of stream by ton31337 · Pull Request #14245 · FRRouting/frr
Reported-by: Iggy Frankovic iggyfran@amazon.com
🚨 CVE-2023-37435
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
🚨 CVE-2023-37436
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
🚨 CVE-2023-37437
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
🚨 CVE-2023-23774
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.
www.midnightblue.nl
TETRA:BURST - Midnight Blue
TETRA:BURST is a collection of five vulnerabilities, two of which are deemed critical, affecting the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement, military, critical infrastructure, and industrial asset owners in the power,…
🚨 CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
www.midnightblue.nl
TETRA:BURST - Midnight Blue
TETRA:BURST is a collection of five vulnerabilities, two of which are deemed critical, affecting the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement, military, critical infrastructure, and industrial asset owners in the power,…