Vulnerability Summary for the Week of October 23, 2023

Posted by:

|

On:

|

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-26 9.8 CVE-2023-43737
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-43738
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘contact’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-44162
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘lnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-26 9.8 CVE-2023-44267
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-26 9.8 CVE-2023-44268
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add1’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-44375
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add2’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-44376
MISC
MISC
projectworlds_pvt._limited — online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add3’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-44377
MISC
MISC
apache — http_server Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. 2023-10-23 9.1 CVE-2023-31122
MISC
MISC
MISC
byzoro — smart_s85f_firmware A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-21 9.8 CVE-2023-5683
MISC
MISC
MISC
byzoro — smart_s85f_firmware A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-21 9.8 CVE-2023-5684
MISC
MISC
MISC
calibre-ebook — calibre link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. 2023-10-22 7.5 CVE-2023-46303
MISC
MISC
codeastro — internet_banking_system A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. 2023-10-22 9.8 CVE-2023-5693
MISC
MISC
MISC
color — demoiccmax In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. 2023-10-23 8.8 CVE-2023-46602
MISC
color — demoiccmax In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. 2023-10-23 7.8 CVE-2023-46603
MISC
dell — unity_operating_environment Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. 2023-10-23 7.8 CVE-2023-43066
MISC
dell — unity_operating_environment Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. 2023-10-23 7.5 CVE-2023-43074
MISC
edm_informatics — e-invoice
 
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1. 2023-10-27 7.5 CVE-2023-5443
MISC
f5 — big-ip Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2023-10-26 9.8 CVE-2023-46747
MISC
f5 — big-ip An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2023-10-26 8.8 CVE-2023-46748
MISC
frostming — pdm pdm is a Python package and dependency manager supporting the latest PEP standards. It’s possible to craft a malicious `pdm.lock` file that could allow e.g., an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it’s not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what’s actually installed could differ from what’s listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-10-20 7.8 CVE-2023-45805
MISC
MISC
MISC
MISC
MISC
ibm — cognos_dashboards_on_cloud_pak_for_data IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. 2023-10-22 7.5 CVE-2023-38275
MISC
MISC
ibm — cognos_dashboards_on_cloud_pak_for_data IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. 2023-10-22 7.5 CVE-2023-38276
MISC
MISC
ibm — security_verify_governance IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. 2023-10-23 9.8 CVE-2022-22466
MISC
MISC
ibm — security_verify_governance IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. 2023-10-23 8.8 CVE-2023-33839
MISC
MISC
ibm — security_verify_governance IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. 2023-10-23 7.5 CVE-2023-33837
MISC
MISC
ibm — sterling_partner_engagement_manager IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. 2023-10-23 7.5 CVE-2023-43045
MISC
MISC
idattend — idweb Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26568
MISC
idattend — idweb Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26569
MISC
idattend — idweb Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26572
MISC
idattend — idweb Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. 2023-10-25 9.1 CVE-2023-26573
MISC
idattend — idweb Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26581
MISC
idattend — idweb Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26582
MISC
idattend — idweb Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26583
MISC
idattend — idweb Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-26584
MISC
idattend — idweb Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-27254
MISC
idattend — idweb Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-27255
MISC
idattend — idweb Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-27260
MISC
idattend — idweb Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 2023-10-25 9.1 CVE-2023-27262
MISC
idattend — idweb Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. 2023-10-25 8.8 CVE-2023-26578
MISC
idattend — idweb Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26570
MISC
idattend — idweb Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26571
MISC
idattend — idweb Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26574
MISC
idattend — idweb Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26575
MISC
idattend — idweb Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26576
MISC
idattend — idweb Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-26580
MISC
idattend — idweb Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27257
MISC
idattend — idweb Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27258
MISC
idattend — idweb Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27259
MISC
idattend — idweb Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27375
MISC
idattend — idweb Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27376
MISC
idattend — idweb Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 2023-10-25 7.5 CVE-2023-27377
MISC
inohom — home_manager_gateway
 
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12. 2023-10-27 7.5 CVE-2023-5570
MISC
langchain — langchain In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain. 2023-10-20 9.8 CVE-2023-32785
MISC
langchain — langchain In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. 2023-10-20 7.5 CVE-2023-32786
MISC
m-files — web_companion Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution  2023-10-20 7.8 CVE-2023-5523
MISC
modoboa — modoboa Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. 2023-10-20 8.8 CVE-2023-5690
MISC
MISC
mosparo — mosparo Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. 2023-10-20 8.8 CVE-2023-5687
MISC
MISC
netentsec — application_security_gateway A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. 2023-10-23 9.8 CVE-2023-5700
MISC
MISC
MISC
netentsec — application_security_gateway A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-20 7.2 CVE-2023-5681
MISC
MISC
MISC
openimageio — openimageio An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c 2023-10-23 8.8 CVE-2023-42295
MISC
pleaser — pleaser please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) 2023-10-20 7.8 CVE-2023-46277
MISC
MISC
MISC
MISC
projectworlds_pvt._limited — leave_management_system_project
 
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-27 9.8 CVE-2023-44480
MISC
MISC
qnap — qusbcam2 An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later 2023-10-20 8.8 CVE-2023-23373
MISC
radare — radare2 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. 2023-10-20 8.8 CVE-2023-5686
MISC
MISC
reconftw — reconftw reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it’s own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-10-20 8.8 CVE-2023-46117
MISC
MISC
secudos — qiata SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. 2023-10-20 7.8 CVE-2023-40361
MISC
silabs — gecko_bootloader An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. 2023-10-20 7.8 CVE-2023-3487
MISC
MISC
sitolog — sitolog_application_connect Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. 2023-10-20 9.8 CVE-2023-37824
MISC
sollace — unicopia Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. 2023-10-20 9.8 CVE-2023-39680
MISC
stb_image.h — stb_image.h stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. It would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. The issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed 2023-10-21 9.8 CVE-2023-45666
MISC
MISC
MISC
stb_image.h — stb_image.h stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. 2023-10-21 8.8 CVE-2023-45664
MISC
MISC
stb_image.h — stb_image.h stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. 2023-10-21 8.1 CVE-2023-45662
MISC
MISC
stb_image.h — stb_image.h stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. 2023-10-21 7.5 CVE-2023-45667
MISC
MISC
MISC
stb_image.h — stb_image.h stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. 2023-10-21 7.1 CVE-2023-45661
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45676
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)’’;`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45677
MISC
MISC
MISC
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45678
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45679
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45681
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. 2023-10-21 7.1 CVE-2023-45682
MISC
MISC
MISC
MISC
stb_image.h — stb_vorbis.c stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)’’;`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. 2023-10-21 7.8 CVE-2023-45675
MISC
MISC
MISC
MISC
superwebmailer — superwebmailer An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. 2023-10-21 8.8 CVE-2023-38190
MISC
MISC
superwebmailer — superwebmailer An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. 2023-10-21 8.8 CVE-2023-38193
MISC
MISC
thingnario — photon An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the “thingnario Logger Maintenance Webpage” endpoint. 2023-10-21 8.8 CVE-2023-46055
MISC
tongda — oa A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-20 9.8 CVE-2023-5682
MISC
MISC
MISC
totolink — a3700r_firmware An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. 2023-10-25 9.8 CVE-2023-46574
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. 2023-10-25 9.8 CVE-2023-46554
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. 2023-10-25 9.8 CVE-2023-46555
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. 2023-10-25 9.8 CVE-2023-46556
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. 2023-10-25 9.8 CVE-2023-46557
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. 2023-10-25 9.8 CVE-2023-46558
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. 2023-10-25 9.8 CVE-2023-46559
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. 2023-10-25 9.8 CVE-2023-46560
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. 2023-10-25 9.8 CVE-2023-46562
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. 2023-10-25 9.8 CVE-2023-46563
MISC
MISC
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. 2023-10-25 9.8 CVE-2023-46564
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. 2023-10-25 9.8 CVE-2023-46520
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. 2023-10-25 9.8 CVE-2023-46521
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister. 2023-10-25 9.8 CVE-2023-46522
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. 2023-10-25 9.8 CVE-2023-46523
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. 2023-10-25 9.8 CVE-2023-46525
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. 2023-10-25 9.8 CVE-2023-46526
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. 2023-10-25 9.8 CVE-2023-46527
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. 2023-10-25 9.8 CVE-2023-46534
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. 2023-10-25 9.8 CVE-2023-46535
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. 2023-10-25 9.8 CVE-2023-46536
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. 2023-10-25 9.8 CVE-2023-46537
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. 2023-10-25 9.8 CVE-2023-46538
MISC
MISC
tp-link — tl-wr886n_firmware TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. 2023-10-25 9.8 CVE-2023-46539
MISC
MISC
trtek_software — education_portal Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. 2023-10-27 9.8 CVE-2023-5807
MISC
vercel — next.js Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. 2023-10-22 7.5 CVE-2023-46298
MISC
MISC
MISC
vmware — fusion VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. 2023-10-20 7.8 CVE-2023-34045
MISC
vmware — fusion VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. 2023-10-20 7 CVE-2023-34046
MISC
wallix — bastion WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. 2023-10-23 7.5 CVE-2023-46319
MISC
wordpress — wordpress The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. 2023-10-20 7.5 CVE-2023-4668
MISC
MISC
wordpress — wordpress The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the ‘zeroBSCRM_CSVImporterLitehtml_app’ function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a ‘file_exists’ check on the value of ‘zbscrmcsvimpf’. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. 2023-10-20 8.8 CVE-2022-3342
MISC
MISC
MISC
wordpress — wordpress The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. 2023-10-20 8.1 CVE-2020-36714
MISC
MISC
wordpress — wordpress The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. 2023-10-20 8.8 CVE-2020-36698
MISC
MISC
MISC
wordpress — wordpress The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the ‘ctl_sanitize_title’ function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. 2023-10-20 8.8 CVE-2022-4290
MISC
MISC
wordpress — wordpress The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin’s [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2023-10-20 8.8 CVE-2023-4999
MISC
MISC
wordpress — wordpress The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2023-10-20 9.8 CVE-2023-4488
MISC
MISC
wordpress — wordpress The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. 2023-10-20 7.2 CVE-2023-5414
MISC
MISC
MISC
wordpress — wordpress The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the ‘cli_path’ parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. 2023-10-20 8.8 CVE-2022-2441
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. 2023-10-21 8.8 CVE-2023-46078
MISC
wordpress — wordpress The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. 2023-10-20 8.8 CVE-2023-4920
MISC
MISC
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. 2023-10-21 8.8 CVE-2023-46067
MISC
wordpress — wordpress The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. 2023-10-20 8.8 CVE-2021-4334
MISC
MISC
wordpress — wordpress The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. 2023-10-20 9.8 CVE-2020-36706
MISC
MISC
MISC
MISC
wordpress — wordpress The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). 2023-10-21 7.5 CVE-2023-5132
MISC
MISC
wordpress — wordpress The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2023-10-20 8.1 CVE-2023-4386
MISC
MISC
wordpress — wordpress The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2023-10-20 9.8 CVE-2023-4402
MISC
MISC
wordpress — wordpress The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. 2023-10-20 9.3 CVE-2023-5576
MISC
MISC
MISC
zscaler — client_connector An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 2023-10-23 9.8 CVE-2023-28805
MISC
zscaler — client_connector The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. 2023-10-23 7.8 CVE-2021-26735
MISC
zscaler — client_connector Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. 2023-10-23 7.8 CVE-2021-26736
MISC
zscaler — client_connector Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. 2023-10-23 7.8 CVE-2021-26738
MISC
zscaler — client_connector Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23 7.8 CVE-2023-28793
MISC
zscaler — client_connector Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23 7.8 CVE-2023-28795
MISC
zscaler — client_connector Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23 7.8 CVE-2023-28796
MISC
zscaler — client_connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. 2023-10-23 7.3 CVE-2023-28797
MISC
zzzcms — zzzcms File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. 2023-10-25 9.8 CVE-2023-45554
MISC
zzzcms — zzzcms File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. 2023-10-25 7.8 CVE-2023-45555
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — airflow Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348. 2023-10-23 4.3 CVE-2023-46288
MISC
MISC
apache — santuario_xml_security_for_java All versions of Apache Santuario – XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. 2023-10-20 6.5 CVE-2023-44483
MISC
MISC
cmsmadesimple — cmsmadesimple Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. 2023-10-20 5.4 CVE-2023-43353
MISC
cmsmadesimple — cmsmadesimple Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. 2023-10-20 5.4 CVE-2023-43354
MISC
cmsmadesimple — cmsmadesimple Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences – Add user component. 2023-10-20 5.4 CVE-2023-43355
MISC
MISC
cmsmadesimple — cmsmadesimple Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. 2023-10-20 5.4 CVE-2023-43356
MISC
cmsmadesimple — cmsmadesimple Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. 2023-10-20 5.4 CVE-2023-43357
MISC
codeastro — internet_banking_system A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. 2023-10-22 6.1 CVE-2023-5694
MISC
MISC
MISC
codeastro — internet_banking_system A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com’%26%25 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. 2023-10-22 6.1 CVE-2023-5695
MISC
MISC
MISC
codeastro — internet_banking_system A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928–>

Posted by

in