Latest vulnerabilities for Monday 24 July 2023 + weekend


Last updated on 24/07/2023 at 14:24:38

(18) CRITICAL vulnerabilities [9.0, 10.0]

Source: cert.org.tw

Vulnerability ID: CVE-2023-37292

First published on: 21-07-2023 05:15:15
Last modified on: 21-07-2023 12:52:26

Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules) and HGiga iSherlock 5.5 (iSherlock-user modules) allows OS command injection. This issue affects iSherlock 4.5 before iSherlock-user-4.5-174 and iSherlock 5.5 before iSherlock-user-5.5-174.

CVE ID: CVE-2023-37292
Source: twcert@cert.org.tw
CVSS score: 9.8

References:
https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html | source: twcert@cert.org.tw

Weakness: CWE-78


Vulnerability ID: CVE-2023-35086

First published on: 21-07-2023 07:15:10
Last modified on: 21-07-2023 12:52:26

Description:
A format string vulnerability has been identified in the ASUS RT-AX56U V2 and RT-AC86U. It is caused by using input directly as the format string when calling syslog in the logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privileges can exploit this vulnerability to achieve remote arbitrary code execution, perform arbitrary system operations or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVE ID: CVE-2023-35086
Source: twcert@cert.org.tw
CVSS score: 9.8

References:
https://www.twcert.org.tw/tw/cp-132-7240-a5f96-1.html | source: twcert@cert.org.tw

Weakness: CWE-134


Vulnerability ID: CVE-2023-35087

First published on: 21-07-2023 08:15:09
Last modified on: 21-07-2023 12:52:26

Description:
A format string vulnerability has been identified in the ASUS RT-AX56U V2 and RT-AC86U. It is caused by missing validation of a specific value when calling cm_processChangedConfigMsg in the ccm_processREQ_CHANGED_CONFIG function of the AiMesh system. An unauthenticated remote attacker without privileges can exploit this vulnerability to achieve remote arbitrary code execution, perform arbitrary system operations or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVE ID: CVE-2023-35087
Source: twcert@cert.org.tw
CVSS score: 9.8

References:
https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html | source: twcert@cert.org.tw

Weakness: CWE-134
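
Both ASUS entries above are CWE-134 weaknesses, and the first one states the mechanism: request input is handed to syslog as the format argument inside logmessage_normal. The C program below is an added example, not code from this page or from ASUS. It models that call pattern with a printf-style logging helper, shows the vulnerable call site next to the hardened one, and adds a small helper for flagging untrusted text that carries conversion directives. It writes into a buffer with vsnprintf instead of calling syslog so the result can be inspected; the "detwan:" prefix and the wan_param name are invented for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SZ 256

/* printf-style sink standing in for syslog(), so the formatted line can be
 * inspected (assumption of the example; syslog treats the format identically). */
static int log_sink(char *out, size_t out_sz, const char *fmt, va_list ap)
{
    return vsnprintf(out, out_sz, fmt, ap);
}

/* Logging helper shaped like the page's logmessage_normal: the caller
 * supplies the format. The helper is fine; the bug lives at its call site. */
static int logmessage_normal(char *out, size_t out_sz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = log_sink(out, out_sz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable call site (CWE-134): request data becomes the format string.
 * "%x" then reads the caller's stack, "%n" writes a byte count to memory.
 * With directives and no arguments this is undefined behaviour, so it is
 * shown here but never executed on attacker input. */
int log_request_vulnerable(char *out, size_t out_sz, const char *wan_param)
{
    return logmessage_normal(out, out_sz, wan_param);
}

/* Hardened call site: a constant format; request data is only ever an argument.
 * The "detwan:" prefix is invented for the example. */
int log_request_safe(char *out, size_t out_sz, const char *wan_param)
{
    return logmessage_normal(out, out_sz, "detwan: %s", wan_param);
}

/* Audit helper for fuzzing or request validation: does untrusted text carry a
 * conversion directive? "%%" is a literal percent sign and is skipped. */
int has_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[LOG_BUF_SZ];
    /* Constructed attacker input: dump three stack words, then write via %n. */
    const char *evil = "%08x.%08x.%08x.%n";

    log_request_safe(buf, sizeof buf, evil);
    printf("safe log line : %s\n", buf);   /* directives appear verbatim */
    printf("has directive : %d\n", has_format_directive(evil));
    return 0;
}
```

Giving logmessage_normal a `__attribute__((format(printf, 3, 4)))` is what lets gcc's -Wformat-security flag the vulnerable call site at compile time; without the attribute the compiler has nothing to check, which is why this shape survives in firmware where the logging wrapper is a plain variadic function.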


Source: github.com

Vulnerability ID: CVE-2023-37903

First published on: 21-07-2023 20:15:16
Last modified on: 21-07-2023 20:15:16

Description:
vm2 is an open source vm/sandbox for Node.js. In vm2 versions up to and including 3.9.19, the Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in remote code execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox. There are no patches and no known workarounds. Users are advised to find alternative software.

CVE ID: CVE-2023-37903
Source: security-advisories@github.com
CVSS score: 9.8

References:
https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 | source: security-advisories@github.com

Weakness: CWE-78


Vulnerability ID: CVE-2023-37917

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
KubePi is an open source Kubernetes management panel. A normal user who has permission to create/update users can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID: CVE-2023-37917
Source: security-advisories@github.com
CVSS score: 9.1

References:
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r | source: security-advisories@github.com

Weakness: CWE-269


Source: cisco.com

Vulnerability ID: CVE-2022-41793

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 17:15:09

Description:
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-41793
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667 | source: talos-cna@cisco.com

Weakness: CWE-120


Vulnerability ID: CVE-2022-42885

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:09

Description:
A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-42885
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668 | source: talos-cna@cisco.com

Weakness: CWE-824


Vulnerability ID: CVE-2022-43467

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-43467
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-44451

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-44451
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669 | source: talos-cna@cisco.com

Weakness: CWE-824


Vulnerability ID: CVE-2022-46280

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-46280
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670 | source: talos-cna@cisco.com

Weakness: CWE-824


Vulnerability ID: CVE-2022-46289

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This variant: the nAtoms calculation wraps around, leading to a small buffer allocation.

CVE ID: CVE-2022-46289
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 | source: talos-cna@cisco.com

Weakness: CWE-122


Vulnerability ID: CVE-2022-46290

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This variant: the loop that stores the coordinates does not check its index against nAtoms.

CVE ID: CVE-2022-46290
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 | source: talos-cna@cisco.com

Weakness: CWE-122
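
CVE-2022-46289 and CVE-2022-46290 describe two sides of one parser bug: an atom count that wraps when it is turned into a byte size, and a coordinate loop that never compares its index against that count. The C program below is an added example, not Open Babel code. It parses a constructed mini-format (a `NATOMS <n>` header followed by `x y z` lines, an assumption of the example rather than the real ORCA layout) and puts the wrapping size computation next to a checked one, with a store loop that is bounded by the declared count.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { double x, y, z; } coord_t;

/* Upper bound on atoms a single file may declare; 10 million is an assumption
 * of the example, chosen so a hostile file cannot force a multi-GB allocation. */
#define MAX_ATOMS 10000000u

/* Vulnerable sizing, modelled on the CVE-2022-46289 note: the byte count is
 * computed in a 32-bit type, so a large nAtoms wraps to a tiny allocation
 * (178956971 * 24 == 2^32 + 8, giving an 8-byte buffer). */
uint32_t coord_bytes_wrapping(uint32_t n_atoms)
{
    return n_atoms * (uint32_t)sizeof(coord_t);
}

/* Checked sizing: reject zero, reject anything above the policy cap, and
 * reject any count whose byte size would not fit in size_t. */
int coord_bytes_checked(uint64_t n_atoms, size_t *out)
{
    if (n_atoms == 0 || n_atoms > MAX_ATOMS) return 0;
    if (n_atoms > SIZE_MAX / sizeof(coord_t)) return 0;   /* multiplication would overflow */
    *out = (size_t)n_atoms * sizeof(coord_t);
    return 1;
}

/* Parse a constructed mini-format (not the ORCA layout):
 *     NATOMS <n>
 *     x y z        (one line per atom)
 * Returns the number of atoms stored and hands back a malloc'd array, or -1 if
 * the header is bad, the size check fails, or the number of coordinate lines
 * does not match the declared count. The index is compared against the count
 * before every store, which is the check CVE-2022-46290 says is missing. */
int parse_coords(const char *text, coord_t **out, size_t *out_n)
{
    unsigned long long declared;
    int consumed = 0;
    if (sscanf(text, "NATOMS %llu%n", &declared, &consumed) != 1) return -1;

    size_t bytes;
    if (!coord_bytes_checked(declared, &bytes)) return -1;
    coord_t *c = malloc(bytes);
    if (!c) return -1;

    const char *p = text + consumed;
    size_t i = 0;
    double x, y, z;
    while (sscanf(p, " %lf %lf %lf%n", &x, &y, &z, &consumed) == 3) {
        if (i >= declared) { free(c); return -1; }  /* more lines than declared: would write OOB */
        c[i].x = x; c[i].y = y; c[i].z = z;
        i++;
        p += consumed;
    }
    if (i != declared) { free(c); return -1; }      /* fewer lines than declared */
    *out = c;
    *out_n = i;
    return (int)i;
}

int main(void)
{
    coord_t *c = NULL;
    size_t n = 0;
    /* Constructed inputs. */
    const char *good  = "NATOMS 2\n0.0 0.0 0.0\n1.1 2.2 3.3\n";
    const char *extra = "NATOMS 1\n0.0 0.0 0.0\n9.9 9.9 9.9\n";   /* second line would overflow */
    const char *huge  = "NATOMS 178956971\n";                     /* wraps in 32-bit arithmetic */

    printf("good : %d atoms\n", parse_coords(good, &c, &n));
    free(c);
    printf("extra: %d\n", parse_coords(extra, &c, &n));
    printf("huge : %d (wrapped size would be %u bytes)\n",
           parse_coords(huge, &c, &n), coord_bytes_wrapping(178956971u));
    return 0;
}
```

Two independent checks are deliberately kept: the policy cap catches absurd counts cheaply, and the SIZE_MAX division is the general overflow guard that still protects the code if someone later raises or removes the cap.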


Vulnerability ID: CVE-2022-46291

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 17:15:09

Description:
Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MSI file format.

CVE ID: CVE-2022-46291
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-46292

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 17:15:09

Description:
Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section.

CVE ID: CVE-2022-46292
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-46293

First published on: 21-07-2023 21:15:11
Last modified on: 22-07-2023 18:15:10

Description:
Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section.

CVE ID: CVE-2022-46293
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-46294

First published on: 21-07-2023 21:15:11
Last modified on: 22-07-2023 18:15:10

Description:
Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC Cartesian file format.

CVE ID: CVE-2022-46294
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-46295

First published on: 21-07-2023 21:15:11
Last modified on: 22-07-2023 18:15:10

Description:
Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the Gaussian file format.

CVE ID: CVE-2022-46295
Source: talos-cna@cisco.com
CVSS score: 9.8

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 | source: talos-cna@cisco.com

Weakness: CWE-119


Source: emc.com

Vulnerability ID: CVE-2023-32478

First published on: 21-07-2023 06:15:09
Last modified on: 21-07-2023 12:52:26

Description:
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A highly privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

CVE ID: CVE-2023-32478
Source: security_alert@emc.com
CVSS score: 9.0

References:
https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities | source: security_alert@emc.com

Weakness: CWE-532


(20) HIGH vulnerabilities [7.0, 8.9]

Source: cert.org.tw

Vulnerability ID: CVE-2023-37291

First published on: 21-07-2023 04:15:15
Last modified on: 21-07-2023 12:52:26

Description:
Galaxy Software Services Vitals ESP is vulnerable to the use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system, operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0.

CVE ID: CVE-2023-37291
Source: twcert@cert.org.tw
CVSS score: 8.6

References:
https://www.twcert.org.tw/tw/cp-132-7224-4fe1f-1.html | source: twcert@cert.org.tw

Weakness: CWE-798


Source: esri.com

Vulnerability ID: CVE-2023-25835

First published on: 21-07-2023 00:15:10
Last modified on: 21-07-2023 12:52:32

Description:
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high.

CVE ID: CVE-2023-25835
Source: psirt@esri.com
CVSS score: 8.4

References:
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/ | source: psirt@esri.com

Weakness: CWE-79


Source: cisco.com

Vulnerability ID: CVE-2022-43607

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:10

Description:
An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-43607
Source: talos-cna@cisco.com
CVSS score: 8.1

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664 | source: talos-cna@cisco.com

Weakness: CWE-119


Vulnerability ID: CVE-2022-37331

First published on: 21-07-2023 21:15:10
Last modified on: 22-07-2023 18:15:09

Description:
An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID: CVE-2022-37331
Source: talos-cna@cisco.com
CVSS score: 7.3

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672 | source: talos-cna@cisco.com

Weakness: CWE-119


Source: hackerone.com

Vulnerability ID: CVE-2023-35077

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus product to crash. Update to Ivanti AV product version 7.9.1.285 or above.

CVE ID: CVE-2023-35077
Source: support@hackerone.com
CVSS score: 8.1

References:
https://forums.ivanti.com/s/article/SA-2023-07-19-CVE-2023-35077 | source: support@hackerone.com


Source: gitlab.com

Vulnerability ID: CVE-2023-3484

First published on: 21-07-2023 14:15:10
Last modified on: 21-07-2023 14:15:10

Description:
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, and all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.

CVE ID: CVE-2023-3484
Source: cve@gitlab.com
CVSS score: 8.0

References:
https://gitlab.com/gitlab-org/gitlab/-/issues/416773 | source: cve@gitlab.com
https://hackerone.com/reports/2035687 | source: cve@gitlab.com

Weakness: CWE-840


Source: gg.jp.panasonic.com

Vulnerability ID: CVE-2023-28728

First published on: 21-07-2023 07:15:09
Last modified on: 21-07-2023 12:52:26

Description:
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

CVE ID: CVE-2023-28728
Source: product-security@gg.jp.panasonic.com
CVSS score: 7.8

References:
https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro | source: product-security@gg.jp.panasonic.com

Weakness: CWE-121


Vulnerability ID: CVE-2023-28729

First published on: 21-07-2023 07:15:09
Last modified on: 21-07-2023 12:52:26

Description:
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

CVE ID: CVE-2023-28729
Source: product-security@gg.jp.panasonic.com
CVSS score: 7.8

References:
https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro | source: product-security@gg.jp.panasonic.com

Weakness: CWE-843


Vulnerability ID: CVE-2023-28730

First published on: 21-07-2023 07:15:10
Last modified on: 21-07-2023 12:52:26

Description:
A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

CVE ID: CVE-2023-28730
Source: product-security@gg.jp.panasonic.com
CVSS score: 7.8

References:
https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro | source: product-security@gg.jp.panasonic.com

Weakness: CWE-119


Source: google.com

Vulnerability ID: CVE-2023-3609

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.

CVE ID: CVE-2023-3609
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc | source: cve-coordination@google.com
https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc | source: cve-coordination@google.com

Weakness: CWE-416


Vulnerability ID: CVE-2023-3610

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. A flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.

CVE ID: CVE-2023-3610
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795 | source: cve-coordination@google.com
https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795 | source: cve-coordination@google.com

Weakness: CWE-416


Vulnerability ID: CVE-2023-3611

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

CVE ID: CVE-2023-3611
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 | source: cve-coordination@google.com
https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64 | source: cve-coordination@google.com

Weakness: CWE-787


Vulnerability ID: CVE-2023-3776

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.

CVE ID: CVE-2023-3776
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f | source: cve-coordination@google.com
https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f | source: cve-coordination@google.com

Weakness: CWE-416
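
CVE-2023-3609 and CVE-2023-3776 share one shape: a fallible check (tcf_change_indev) runs after the filter has already been rebound by tcf_bind_filter, so the error return leaves reference counts moved. The C program below is an added example built on toy structures, not kernel code. It models the two orderings, and a simplified caller error path (an assumption of the example, not a transcription of the kernel's u32_change/fw_change cleanup) that drops the count of a still-referenced object to zero, which is the condition the advisories describe.

```c
#include <stdio.h>
#include <string.h>

/* Toy refcounted class standing in for the traffic-control class that
 * tcf_bind_filter() binds a filter to. Added example; not kernel code. */
typedef struct { int refcnt; int freed; } tc_class;

static void class_get(tc_class *c) { c->refcnt++; }
static void class_put(tc_class *c) { if (--c->refcnt == 0) c->freed = 1; }

typedef struct { tc_class *bound; } tc_filter;

/* Model of tcf_bind_filter(): take a reference on the new class and drop the
 * one held on the previously bound class. */
static void bind_filter(tc_filter *f, tc_class *newc)
{
    tc_class *old = f->bound;
    class_get(newc);
    f->bound = newc;
    if (old)
        class_put(old);
}

/* Model of tcf_change_indev(): fails for any interface name that does not
 * start with "eth". The failure rule is an assumption of the example. */
static int change_indev(const char *indev)
{
    return strncmp(indev, "eth", 3) == 0 ? 0 : -1;
}

/* Vulnerable ordering, as the page describes for u32_set_parms() and
 * fw_set_parms(): references move first, then the fallible check runs, and
 * the error return leaves the moved references in place. */
int set_parms_vulnerable(tc_filter *f, tc_class *newc, const char *indev)
{
    bind_filter(f, newc);
    if (change_indev(indev) < 0)
        return -1;                      /* counts already changed, not unwound */
    return 0;
}

/* Fixed ordering (what the referenced commits do): every check that can fail
 * runs before any reference count is touched, so an error return has no
 * side effects. */
int set_parms_fixed(tc_filter *f, tc_class *newc, const char *indev)
{
    if (change_indev(indev) < 0)
        return -1;                      /* nothing modified yet */
    bind_filter(f, newc);
    return 0;
}

/* Simplified caller error path (assumption of the example): on failure the
 * caller believes nothing changed and releases the reference it thinks the
 * filter still holds on its previous class. */
static void caller_cleanup_on_error(tc_class *previously_bound)
{
    class_put(previously_bound);
}

int main(void)
{
    tc_class a = {1, 0}, b = {1, 0};    /* each class held once by its owner */
    tc_filter f = { &a };
    class_get(&a);                      /* the filter's own reference: a.refcnt == 2 */

    int rc = set_parms_vulnerable(&f, &b, "bogus0");
    printf("vulnerable: rc=%d a.refcnt=%d b.refcnt=%d\n", rc, a.refcnt, b.refcnt);
    caller_cleanup_on_error(&a);        /* a drops to 0 while its owner still points at it */
    printf("vulnerable: a.freed=%d -> owner's pointer dangles (use-after-free)\n", a.freed);

    tc_class c = {1, 0}, d = {1, 0};
    tc_filter g = { &c };
    class_get(&c);
    rc = set_parms_fixed(&g, &d, "bogus0");
    printf("fixed:      rc=%d c.refcnt=%d d.refcnt=%d (unchanged)\n", rc, c.refcnt, d.refcnt);
    return 0;
}
```

The invariant worth testing in any refcounted API is the one the fixed version satisfies: a call that returns an error must leave every count exactly as it found it. Checking that after injected failures is cheap in unit tests and would have caught both kernel bugs.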


Source: vuldb.com

Vulnerability ID: CVE-2023-3842

First published on: 23-07-2023 04:15:09
Last modified on: 23-07-2023 04:15:09

Description:
A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to an unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3842
Source: cna@vuldb.com
CVSS score: 7.8

References:
https://vuldb.com/?ctiid.235193 | source: cna@vuldb.com
https://vuldb.com/?id.235193 | source: cna@vuldb.com

Weakness: CWE-428


Vulnerability ID: CVE-2023-3805

First published on: 21-07-2023 02:15:09
Last modified on: 21-07-2023 12:52:26

Description:
A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. This issue affects some unknown processing in the library UserInfoAction.class of the component Login. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235073 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3805
Source: cna@vuldb.com
CVSS score: 7.3

References:
https://github.com/GUIqizsq/cve/blob/main/login.md | source: cna@vuldb.com
https://vuldb.com/?ctiid.235073 | source: cna@vuldb.com
https://vuldb.com/?id.235073 | source: cna@vuldb.com

Weakness: CWE-285


Source: huntr.dev

Vulnerability ID: CVE-2023-3819

First published on: 21-07-2023 15:15:10
Last modified on: 21-07-2023 15:15:10

Description:
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE ID: CVE-2023-3819
Source: security@huntr.dev
CVSS score: 7.6

References:
https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54 | source: security@huntr.dev
https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c | source: security@huntr.dev

Weakness: CWE-200


Vulnerability ID: CVE-2023-3820

First published on: 21-07-2023 15:15:10
Last modified on: 21-07-2023 15:15:10

Description:
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE ID: CVE-2023-3820
Source: security@huntr.dev
CVSS score: 7.2

References:
https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97 | source: security@huntr.dev
https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db | source: security@huntr.dev

Weakness: CWE-89


Source: wordfence.com

Vulnerability ID: CVE-2023-3813

First published on: 21-07-2023 03:15:10
Last modified on: 21-07-2023 12:52:26

Description:
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. This requires the premium version of the plugin to be activated.

CVE ID: CVE-2023-3813
Source: security@wordfence.com
CVSS score: 7.5

References:
https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php?rev=2777235#L425 | source: security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve | source: security@wordfence.com

Weakness: CWE-22


Source: github.com

Vulnerability ID: CVE-2023-37915

First published on: 21-07-2023 21:15:11
Last modified on: 21-07-2023 21:15:11

Description:
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID: CVE-2023-37915
Source: security-advisories@github.com
CVSS score: 7.5

References:
https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25 | source: security-advisories@github.com
https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9 | source: security-advisories@github.com

Weakness: CWE-20
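
The OpenDDS entry gives no parsing detail beyond "malformed PID_PROPERTY_LIST", so the C program below is an added example, not OpenDDS code: a bounds-checked walker for an RTPS-style parameter list (u16 id, u16 length, value bytes, terminated by the sentinel id) with a decoder for a property list made of CDR string pairs. Every declared length is compared against the bytes that actually remain before it is trusted, which is the check a parser that crashes on a forged length is missing. Little-endian encoding (PL_CDR_LE) and the parameter id value 0x0059 are assumptions of the example; the sample datagrams are constructed, not captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PID_SENTINEL      0x0001u
/* The page does not give the numeric id; 0x0059 is an assumption of this example. */
#define PID_PROPERTY_LIST 0x0059u

/* Little-endian readers: the example assumes PL_CDR_LE encapsulation. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* CDR string: u32 length (including the NUL), then bytes, padded to 4.
 * Returns bytes consumed including padding, or 0 if the declared length does
 * not fit in the `n` bytes that remain. */
static size_t cdr_string(const uint8_t *p, size_t n, const char **s)
{
    if (n < 4) return 0;
    uint32_t len = rd32(p);
    if (len == 0 || len > n - 4) return 0;     /* declared length runs past the buffer */
    if (p[4 + len - 1] != '\0') return 0;      /* must be NUL-terminated */
    *s = (const char *)(p + 4);
    size_t used = 4 + len;
    return (used + 3) & ~(size_t)3;
}

/* Property list value: u32 count, then count (name, value) string pairs.
 * Returns the number of pairs decoded, or -1 on any malformed length. */
int decode_property_list(const uint8_t *p, size_t n, int (*cb)(const char *, const char *))
{
    if (n < 4) return -1;
    uint32_t count = rd32(p);
    if (count > n / 8) return -1;              /* each pair needs at least two length words */
    size_t off = 4;
    for (uint32_t i = 0; i < count; i++) {
        const char *name, *value;
        size_t used = cdr_string(p + off, n - off, &name);
        if (used == 0 || used > n - off) return -1;
        off += used;
        used = cdr_string(p + off, n - off, &value);
        if (used == 0 || used > n - off) return -1;
        off += used;
        if (cb && cb(name, value) != 0) return -1;
    }
    return (int)count;
}

/* RTPS-style ParameterList: {u16 id, u16 len, len bytes}* ending at PID_SENTINEL.
 * Returns the total number of properties found, or -1 if any parameter claims
 * more bytes than the datagram holds. */
int walk_parameter_list(const uint8_t *buf, size_t n, int (*cb)(const char *, const char *))
{
    size_t off = 0;
    int props = 0;
    for (;;) {
        if (n - off < 4) return -1;            /* truncated parameter header */
        uint16_t id  = rd16(buf + off);
        uint16_t len = rd16(buf + off + 2);
        off += 4;
        if (id == PID_SENTINEL) return props;
        if (len > n - off) return -1;          /* declared length past end of datagram */
        if (len & 3) return -1;                /* lengths are 4-byte multiples */
        if (id == PID_PROPERTY_LIST) {
            int r = decode_property_list(buf + off, len, cb);
            if (r < 0) return -1;
            props += r;
        }
        off += len;
    }
}

/* Constructed samples (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0x59, 0x00, 0x14, 0x00,                        /* PID_PROPERTY_LIST, len 20 */
    0x01, 0x00, 0x00, 0x00,                        /* count = 1 */
    0x02, 0x00, 0x00, 0x00, 'k', 0x00, 0x00, 0x00, /* name "k" (len 2 incl. NUL, padded) */
    0x02, 0x00, 0x00, 0x00, 'v', 0x00, 0x00, 0x00, /* value "v" */
    0x01, 0x00, 0x00, 0x00                         /* PID_SENTINEL */
};
/* Name length forged to 64: a parser trusting it reads far beyond the parameter. */
static const uint8_t SAMPLE_BAD_STRLEN[] = {
    0x59, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x00, 'k', 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 'v', 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00
};
/* Parameter length forged to 256 with only 24 bytes following. */
static const uint8_t SAMPLE_BAD_PARAMLEN[] = {
    0x59, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 'k', 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 'v', 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00
};

static int print_prop(const char *name, const char *value)
{
    printf("property %s = %s\n", name, value);
    return 0;
}

int main(void)
{
    printf("ok            : %d\n", walk_parameter_list(SAMPLE_OK, sizeof SAMPLE_OK, print_prop));
    printf("bad string len: %d\n", walk_parameter_list(SAMPLE_BAD_STRLEN, sizeof SAMPLE_BAD_STRLEN, print_prop));
    printf("bad param len : %d\n", walk_parameter_list(SAMPLE_BAD_PARAMLEN, sizeof SAMPLE_BAD_PARAMLEN, print_prop));
    return 0;
}
```

The same three forged inputs (oversized string length, oversized parameter length, truncated datagram) are the first cases to feed a DDS discovery parser under a fuzzer, since they reach the code before any authentication and the multicast port is well known.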


Source : otrs.com

Vulnérabilité ID : CVE-2023-38056

Première publication le : 24-07-2023 09:15:09
Dernière modification le : 24-07-2023 09:15:09

Description :
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVE ID : CVE-2023-38056
Source : security@otrs.com
Score CVSS : 7.2

Références :
https://otrs.com/release-notes/otrs-security-advisory-2023-05/ | source : security@otrs.com

Vulnérabilité : CWE-78


(35) Vulnérabilité(s) MEDIUM [4.0, 6.9]

Source : esri.com

Vulnérabilité ID : CVE-2023-25837

Première publication le : 21-07-2023 04:15:12
Dernière modification le : 21-07-2023 12:52:26

Description :
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.

CVE ID : CVE-2023-25837
Source : psirt@esri.com
Score CVSS : 6.8

Références :
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/ | source : psirt@esri.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-25836

Première publication le : 21-07-2023 04:15:11
Dernière modification le : 21-07-2023 12:52:26

Description :
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.

CVE ID : CVE-2023-25836
Source : psirt@esri.com
Score CVSS : 5.4

Références :
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/ | source : psirt@esri.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-25841

Première publication le : 21-07-2023 19:15:10
Dernière modification le : 21-07-2023 19:15:10

Description :
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.

CVE ID : CVE-2023-25841
Source : psirt@esri.com
Score CVSS : 4.8

Références :
https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/ | source : psirt@esri.com

Vulnérabilité : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-37918

First published on : 21-07-2023 21:15:11
Last modified on : 21-07-2023 21:15:11

Description :
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 and 1.11.2. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-37918
Source : security-advisories@github.com
CVSS score : 6.8

References :
https://docs.dapr.io/operations/security/api-token/ | source : security-advisories@github.com
https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a | source : security-advisories@github.com
https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-37916

First published on : 21-07-2023 21:15:11
Last modified on : 21-07-2023 21:15:11

Description :
KubePi is an open source Kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leaks the password hash of any user (including admin). A sufficiently motivated attacker may be able to crack the leaked password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-37916
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37905

First published on : 21-07-2023 20:15:16
Last modified on : 21-07-2023 20:15:16

Description :
ckeditor-wordcount-plugin is an open source WordCount plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-37905
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/0f03b3e5b7c1409998a13aba3a95396e6fa349d8 | source : security-advisories@github.com
https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/a4b154bdf35b3465320136fcb078f196b437c2f1 | source : security-advisories@github.com
https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-37901

First published on : 21-07-2023 19:15:10
Last modified on : 21-07-2023 19:15:10

Description :
Indico is an open source, general-purpose, web-based event management tool. There is a cross-site scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event organizers may want to delete suspicious-looking content when spotting it, there is a non-negligible risk of such an attack succeeding. The risk of this could be further increased when combined with some social engineering pointing the victim towards this content. Users need to update to Indico 3.2.6 as soon as possible. See the docs for instructions on how to update. Users who cannot upgrade should only let trustworthy users manage categories, create events or upload materials ("submission" privileges on a contribution/event). This should already be the case in a properly-configured setup when it comes to category/event management. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a fixed version ASAP, in particular when using such workflows.

CVE ID : CVE-2023-37901
Source : security-advisories@github.com
CVSS score : 5.4

References :
https://docs.getindico.io/en/stable/installation/upgrade/ | source : security-advisories@github.com
https://github.com/indico/indico/commit/2ee636d318653fb1ab193803dafbfe3e371d4130 | source : security-advisories@github.com
https://github.com/indico/indico/releases/tag/v3.2.6 | source : security-advisories@github.com
https://github.com/indico/indico/security/advisories/GHSA-fmqq-25x9-c6hm | source : security-advisories@github.com

Vulnerability : CWE-79


Source : microsoft.com

Vulnerability ID : CVE-2023-38187

First published on : 21-07-2023 18:15:10
Last modified on : 21-07-2023 18:15:10

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-38187
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35392

First published on : 21-07-2023 18:15:10
Last modified on : 21-07-2023 18:15:10

Description :
Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID : CVE-2023-35392
Source : secure@microsoft.com
CVSS score : 4.7

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38173

First published on : 21-07-2023 18:15:10
Last modified on : 21-07-2023 18:15:10

Description :
Microsoft Edge for Android Spoofing Vulnerability

CVE ID : CVE-2023-38173
Source : secure@microsoft.com
CVSS score : 4.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173 | source : secure@microsoft.com


Source : vuldb.com

Vulnerability ID : CVE-2023-3806

First published on : 21-07-2023 02:15:10
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235074 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-3806
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/GZRsecurity/Cve-System/blob/main/House%20Rental%20and%20Property%20Listing%20System%20register.php%20has%20%20File%20Upload(RCE)%20Vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235074 | source : cna@vuldb.com
https://vuldb.com/?id.235074 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-3807

First published on : 21-07-2023 03:15:10
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075.

CVE ID : CVE-2023-3807
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235075 | source : cna@vuldb.com
https://vuldb.com/?id.235075 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3808

First published on : 21-07-2023 03:15:10
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235076.

CVE ID : CVE-2023-3808
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patientforgotpassword.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235076 | source : cna@vuldb.com
https://vuldb.com/?id.235076 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3809

First published on : 21-07-2023 04:15:15
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235077 was assigned to this vulnerability.

CVE ID : CVE-2023-3809
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patient.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235077 | source : cna@vuldb.com
https://vuldb.com/?id.235077 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3810

First published on : 21-07-2023 04:15:16
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235078 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-3810
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patientappointment.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235078 | source : cna@vuldb.com
https://vuldb.com/?id.235078 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3811

First published on : 21-07-2023 05:15:15
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235079.

CVE ID : CVE-2023-3811
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patientprofile.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235079 | source : cna@vuldb.com
https://vuldb.com/?id.235079 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3826

First published on : 22-07-2023 07:15:09
Last modified on : 22-07-2023 07:15:09

Description :
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3826
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Wkingxc/CVE/blob/master/ibos_OA.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235147 | source : cna@vuldb.com
https://vuldb.com/?id.235147 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3836

First published on : 22-07-2023 18:15:10
Last modified on : 22-07-2023 18:15:10

Description :
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3836
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/qiuhuihk/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235162 | source : cna@vuldb.com
https://vuldb.com/?id.235162 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-3850

First published on : 23-07-2023 10:15:09
Last modified on : 23-07-2023 10:15:09

Description :
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.

CVE ID : CVE-2023-3850
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://vuldb.com/?ctiid.235201 | source : cna@vuldb.com
https://vuldb.com/?id.235201 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3854

First published on : 23-07-2023 23:15:09
Last modified on : 23-07-2023 23:15:09

Description :
A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to SQL injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3854
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://vuldb.com/?ctiid.235206 | source : cna@vuldb.com
https://vuldb.com/?id.235206 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3859

First published on : 24-07-2023 02:15:09
Last modified on : 24-07-2023 02:15:09

Description :
A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3859
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://vuldb.com/?ctiid.235211 | source : cna@vuldb.com
https://vuldb.com/?id.235211 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3801

First published on : 21-07-2023 00:15:10
Last modified on : 22-07-2023 15:15:09

Description :
A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3801
Source : cna@vuldb.com
CVSS score : 5.5

References :
http://web.archive.org/web/20230722143348/https://github.com/funnn7/cve/blob/main/sql.md | source : cna@vuldb.com
https://github.com/Wkingxc/CVE/blob/master/ibos_OA_1.md | source : cna@vuldb.com
https://github.com/funnn7/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235069 | source : cna@vuldb.com
https://vuldb.com/?id.235069 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3802

First published on : 21-07-2023 00:15:10
Last modified on : 21-07-2023 12:52:32

Description :
A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3802
Source : cna@vuldb.com
CVSS score : 5.5

References :
https://github.com/GUIqizsq/cve/blob/main/upload_1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235070 | source : cna@vuldb.com
https://vuldb.com/?id.235070 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-3804

First published on : 21-07-2023 01:15:11
Last modified on : 21-07-2023 12:52:32

Description :
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3804
Source : cna@vuldb.com
CVSS score : 5.5

References :
https://github.com/yueying638/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235072 | source : cna@vuldb.com
https://vuldb.com/?id.235072 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-3852

First published on : 23-07-2023 22:15:09
Last modified on : 23-07-2023 22:15:09

Description :
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-235204.

CVE ID : CVE-2023-3852
Source : cna@vuldb.com
CVSS score : 4.7

References :
https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe | source : cna@vuldb.com
https://github.com/OpenRapid/rapidcms/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.235204 | source : cna@vuldb.com
https://vuldb.com/?id.235204 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-3841

First published on : 23-07-2023 03:15:10
Last modified on : 23-07-2023 03:15:10

Description :
A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3841
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://vuldb.com/?ctiid.235192 | source : cna@vuldb.com
https://vuldb.com/?id.235192 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-3839

First published on : 23-07-2023 02:15:11
Last modified on : 23-07-2023 02:15:11

Description :
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to SQL injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3839
Source : cna@vuldb.com
CVSS score : 4.1

References :
https://github.com/TXPH/CVE/blob/main/sqli-report.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235190 | source : cna@vuldb.com
https://vuldb.com/?id.235190 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : otrs.com

Vulnerability ID : CVE-2023-38060

First published on : 24-07-2023 09:15:10
Last modified on : 24-07-2023 09:15:10

Description :
Improper input validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVE ID : CVE-2023-38060
Source : security@otrs.com
CVSS score : 6.3

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-04/ | source : security@otrs.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38057

First published on : 24-07-2023 09:15:09
Last modified on : 24-07-2023 09:15:09

Description :
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

CVE ID : CVE-2023-38057
Source : security@otrs.com
CVSS score : 4.1

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-06/ | source : security@otrs.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38058

First published on : 24-07-2023 09:15:10
Last modified on : 24-07-2023 09:15:10

Description :
An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to move a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.

CVE ID : CVE-2023-38058
Source : security@otrs.com
CVSS score : 4.1

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-07/ | source : security@otrs.com

Vulnerability : CWE-269


Source : huntr.dev

Vulnerability ID : CVE-2023-3821

First published on : 21-07-2023 15:15:10
Last modified on : 21-07-2023 15:15:10

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE ID : CVE-2023-3821
Source : security@huntr.dev
CVSS score : 6.1

References :
https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c | source : security@huntr.dev
https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3822

First published on : 21-07-2023 15:15:10
Last modified on : 21-07-2023 15:15:10

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE ID : CVE-2023-3822
Source : security@huntr.dev
CVSS score : 6.0

References :
https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236 | source : security@huntr.dev
https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5 | source : security@huntr.dev

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-28530

First published on : 22-07-2023 02:15:47
Last modified on : 22-07-2023 02:15:47

Description :
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's web browser within the security context of the hosting web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.

CVE ID : CVE-2023-28530
Source : psirt@us.ibm.com
CVSS score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/251214 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7012621 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-25929

First published on : 22-07-2023 02:15:47
Last modified on : 22-07-2023 02:15:47

Description :
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.

CVE ID : CVE-2023-25929
Source : psirt@us.ibm.com
CVSS score : 4.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7012621 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Source : gitlab.com

Vulnerability ID : CVE-2023-3102

First published on : 21-07-2023 16:15:10
Last modified on : 21-07-2023 16:15:10

Description :
A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6 and all versions starting from 16.1 before 16.1.1, which allows access to the titles of private issues and MRs.

CVE ID : CVE-2023-3102
Source : cve@gitlab.com
CVSS score : 5.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/414269 | source : cve@gitlab.com
https://hackerone.com/reports/2012073 | source : cve@gitlab.com

Vulnerability : CWE-200


(32) LOW vulnerability(ies) [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-3815

First published on : 21-07-2023 05:15:15
Last modified on : 21-07-2023 12:52:26

Description :
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross-site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-3815
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://gitee.com/y_project/RuoYi/issues/I7IL85 | source : cna@vuldb.com
https://vuldb.com/?ctiid.235118 | source : cna@vuldb.com
https://vuldb.com/?id.235118 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3827

First published on : 22-07-2023 09:15:09
Last modified on : 22-07-2023 09:15:09

Description :
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross-site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3827
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.235148 | source : cna@vuldb.com
https://vuldb.com/?id.235148 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3828

First published on : 22-07-2023 11:15:09
Last modified on : 22-07-2023 11:15:09

Description :
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross-site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3828
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.235149 | source : cna@vuldb.com
https://vuldb.com/?id.235149 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3829

First published on : 22-07-2023 12:15:09
Last modified on : 22-07-2023 12:15:09

Description :
A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross-site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3829
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.235150 | source : cna@vuldb.com
https://vuldb.com/?id.235150 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3830

First published on : 22-07-2023 15:15:09
Last modified on : 22-07-2023 15:15:09

Description :
A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross-site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3830
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.235151 | source : cna@vuldb.com
https://vuldb.com/?id.235151 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3831

First published on : 22-07-2023 15:15:09
Last modified on : 22-07-2023 15:15:09

Description :
A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross-site scripting. The attack may be initiated remotely. The identifier VDB-235157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3831
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.235157 | source : cna@vuldb.com
https://vuldb.com/?id.235157 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnérabilité ID : CVE-2023-3832

Première publication le : 22-07-2023 16:15:09
Dernière modification le : 22-07-2023 16:15:09

Description :
A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic. Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-235158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3832
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235158 | source: cna@vuldb.com
https://vuldb.com/?id.235158 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3833

First published: 22-07-2023 16:15:09
Last modified: 22-07-2023 16:15:09

Description:
A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3833
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235159 | source: cna@vuldb.com
https://vuldb.com/?id.235159 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3834

First published: 22-07-2023 17:15:09
Last modified: 22-07-2023 17:15:09

Description:
A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3834
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235160 | source: cna@vuldb.com
https://vuldb.com/?id.235160 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3835

First published: 22-07-2023 18:15:10
Last modified: 22-07-2023 18:15:10

Description:
A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. This affects an unknown part of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3835
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235161 | source: cna@vuldb.com
https://vuldb.com/?id.235161 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3840

First published: 23-07-2023 03:15:09
Last modified: 23-07-2023 03:15:09

Description:
A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. This affects an unknown part of the file /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. The manipulation of the argument user leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3840
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235191 | source: cna@vuldb.com
https://vuldb.com/?id.235191 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3843

First published: 23-07-2023 05:15:08
Last modified: 23-07-2023 05:15:08

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3843
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235194 | source: cna@vuldb.com
https://vuldb.com/?id.235194 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3844

First published: 23-07-2023 06:15:09
Last modified: 23-07-2023 06:15:09

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3844
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235195 | source: cna@vuldb.com
https://vuldb.com/?id.235195 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3845

First published: 23-07-2023 06:15:09
Last modified: 23-07-2023 06:15:09

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3845
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235196 | source: cna@vuldb.com
https://vuldb.com/?id.235196 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3846

First published: 23-07-2023 07:15:09
Last modified: 23-07-2023 07:15:09

Description:
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3846
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235197 | source: cna@vuldb.com
https://vuldb.com/?id.235197 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3847

First published: 23-07-2023 08:15:09
Last modified: 23-07-2023 08:15:09

Description:
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3847
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235198 | source: cna@vuldb.com
https://vuldb.com/?id.235198 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3848

First published: 23-07-2023 08:15:09
Last modified: 23-07-2023 08:15:09

Description:
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3848
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235199 | source: cna@vuldb.com
https://vuldb.com/?id.235199 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3849

First published: 23-07-2023 09:15:09
Last modified: 23-07-2023 09:15:09

Description:
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3849
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235200 | source: cna@vuldb.com
https://vuldb.com/?id.235200 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3853

First published: 23-07-2023 23:15:09
Last modified: 23-07-2023 23:15:09

Description:
A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3853
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235205 | source: cna@vuldb.com
https://vuldb.com/?id.235205 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3855

First published: 24-07-2023 00:15:09
Last modified: 24-07-2023 00:15:09

Description:
A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Affected by this vulnerability is an unknown functionality of the file /search-result.php. The manipulation of the argument kw/lc/ct/cp/p leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235207. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3855
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235207 | source: cna@vuldb.com
https://vuldb.com/?id.235207 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3856

First published: 24-07-2023 01:15:08
Last modified: 24-07-2023 01:15:08

Description:
A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235208. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3856
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235208 | source: cna@vuldb.com
https://vuldb.com/?id.235208 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3857

First published: 24-07-2023 01:15:08
Last modified: 24-07-2023 01:15:08

Description:
A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3857
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235209 | source: cna@vuldb.com
https://vuldb.com/?id.235209 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3858

First published: 24-07-2023 02:15:09
Last modified: 24-07-2023 02:15:09

Description:
A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3858
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235210 | source: cna@vuldb.com
https://vuldb.com/?id.235210 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3860

First published: 24-07-2023 03:15:09
Last modified: 24-07-2023 03:15:09

Description:
A vulnerability was found in phpscriptpoint Insurance 1.2. It has been classified as problematic. Affected is an unknown function of the file /page.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235212. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3860
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235212 | source: cna@vuldb.com
https://vuldb.com/?id.235212 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3861

First published: 24-07-2023 03:15:09
Last modified: 24-07-2023 03:15:09

Description:
A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3861
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235213 | source: cna@vuldb.com
https://vuldb.com/?id.235213 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3862

First published: 24-07-2023 04:15:09
Last modified: 24-07-2023 04:15:09

Description:
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. VDB-235214 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3862
Source: cna@vuldb.com
CVSS score: 3.1

References:
https://vuldb.com/?ctiid.235214 | source: cna@vuldb.com
https://vuldb.com/?id.235214 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3803

First published: 21-07-2023 01:15:11
Last modified: 21-07-2023 12:52:32

Description:
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3803
Source: cna@vuldb.com
CVSS score: 2.6

References:
https://github.com/GUIqizsq/cve/blob/main/upload_2.md | source: cna@vuldb.com
https://vuldb.com/?ctiid.235071 | source: cna@vuldb.com
https://vuldb.com/?id.235071 | source: cna@vuldb.com

Vulnerability: CWE-330


Vulnerability ID: CVE-2023-3837

First published: 22-07-2023 21:15:09
Last modified: 22-07-2023 21:15:09

Description:
A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3837
Source: cna@vuldb.com
CVSS score: 2.4

References:
https://github.com/TXPH/CVE/blob/main/xss-report.pdf | source: cna@vuldb.com
https://vuldb.com/?ctiid.235188 | source: cna@vuldb.com
https://vuldb.com/?id.235188 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3838

First published: 23-07-2023 02:15:11
Last modified: 23-07-2023 02:15:11

Description:
A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/vote_edit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3838
Source: cna@vuldb.com
CVSS score: 2.4

References:
https://github.com/TXPH/CVE/blob/main/xss-report2.pdf | source: cna@vuldb.com
https://vuldb.com/?ctiid.235189 | source: cna@vuldb.com
https://vuldb.com/?id.235189 | source: cna@vuldb.com

Vulnerability: CWE-79


Source: esri.com

Vulnerability ID: CVE-2023-25840

First published: 21-07-2023 19:15:10
Last modified: 21-07-2023 19:15:10

Description:
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover won't execute but could potentially render an image in the victim's browser. The privileges required to execute this attack are high.

CVE ID: CVE-2023-25840
Source: psirt@esri.com
CVSS score: 3.4

References:
https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/ | source: psirt@esri.com

Vulnerability: CWE-79


Source: redhat.com

Vulnerability ID: CVE-2023-3603

First published: 21-07-2023 20:15:16
Last modified: 21-07-2023 20:15:16

Description:
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

CVE ID: CVE-2023-3603
Source: secalert@redhat.com
CVSS score: 3.1

References:
https://access.redhat.com/security/cve/CVE-2023-3603 | source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2221791 | source: secalert@redhat.com


Source: php.net

Vulnerability ID: CVE-2023-3247

First published: 22-07-2023 05:15:37
Last modified: 22-07-2023 05:15:37

Description:
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and used a narrower range of values than it should have. In case of random generator failure, this could lead to the disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce.

CVE ID: CVE-2023-3247
Source: security@php.net
CVSS score: 2.6

References:
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw | source: security@php.net

Vulnerability: CWE-252
Vulnerability: CWE-330


(17) vulnerability(ies) with NO SCORE [0.0, 0.0]

Source: jpcert.or.jp

Vulnerability ID: CVE-2023-32624

First published: 21-07-2023 01:15:10
Last modified: 21-07-2023 12:52:32

Description:
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

CVE ID: CVE-2023-32624
Source: vultures@jpcert.or.jp
CVSS score: /

References:
https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers | source: vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN90560760/ | source: vultures@jpcert.or.jp


Vulnerability ID: CVE-2023-32625

First published: 21-07-2023 01:15:10
Last modified: 21-07-2023 12:52:32

Description:
Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

CVE ID: CVE-2023-32625
Source: vultures@jpcert.or.jp
CVSS score: /

References:
https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers | source: vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN90560760/ | source: vultures@jpcert.or.jp


Source: mitre.org

Vulnerability ID: CVE-2023-38632

First published: 21-07-2023 02:15:09
Last modified: 21-07-2023 12:52:26

Description:
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.

CVE ID: CVE-2023-38632
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/eminfedar/async-sockets-cpp/issues/31 | source: cve@mitre.org


Vulnerability ID: CVE-2023-38646

First published: 21-07-2023 15:15:10
Last modified: 22-07-2023 15:15:09

Description:
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVE ID: CVE-2023-38646
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/metabase/metabase/issues/32552 | source: cve@mitre.org
https://github.com/metabase/metabase/releases/tag/v0.46.6.1 | source: cve@mitre.org
https://news.ycombinator.com/item?id=36812256 | source: cve@mitre.org
https://www.metabase.com/blog/security-advisory | source: cve@mitre.org


Vulnerability ID: CVE-2023-37742

First published: 21-07-2023 16:15:09
Last modified: 21-07-2023 16:15:09

Description:
WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.

CVE ID: CVE-2023-37742
Source: cve@mitre.org
CVSS score: /

References:
https://webboss.feedbear.com/updates | source: cve@mitre.org
https://webboss.io/page/bughunter-acknowledgments.html | source: cve@mitre.org
https://www.realinfosec.net/advisories/WEBBOSS-XSS-2022-0xd3fcf.html | source: cve@mitre.org


Vulnerability ID: CVE-2021-35391

First published: 21-07-2023 20:15:11
Last modified: 21-07-2023 20:15:11

Description:
A Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL.

CVE ID: CVE-2021-35391
Source: cve@mitre.org
CVSS score: /

References:
http://deskpro.com | source: cve@mitre.org
https://sayaanalam.github.io/CVE-2021-35391.html | source: cve@mitre.org


Vulnerability ID: CVE-2023-36339

First published: 21-07-2023 20:15:15
Last modified: 21-07-2023 20:15:15

Description:
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup Tool via a crafted GET request.

CVE ID: CVE-2023-36339
Source: cve@mitre.org
CVSS score: /

References:
https://webboss.feedbear.com/updates | source: cve@mitre.org
https://www.realinfosec.net/advisories/WEBBOSS-CMS-IDOR-2023-0xv3jsv.html | source: cve@mitre.org


Vulnerability ID: CVE-2023-38195

First published: 22-07-2023 17:15:09
Last modified: 22-07-2023 17:15:09

Description:
Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.

CVE ID: CVE-2023-38195
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/datalust/seq-tickets/issues/1886 | source: cve@mitre.org


Vulnerability ID: CVE-2023-38633

First published: 22-07-2023 17:15:09
Last modified: 22-07-2023 17:15:09

Description:
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

CVE ID: CVE-2023-38633
Source: cve@mitre.org
CVSS score: /

References:
https://bugzilla.suse.com/show_bug.cgi?id=1213502 | source: cve@mitre.org
https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 | source: cve@mitre.org
https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3 | source: cve@mitre.org


Source: hp.com

Vulnerability ID: CVE-2023-26301

First published: 21-07-2023 17:15:10
Last modified: 21-07-2023 17:15:10

Description:
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

CVE ID: CVE-2023-26301
Source: hp-security-alert@hp.com
CVSS score: /

References:
https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855 | source: hp-security-alert@hp.com


Source: redhat.com

Vulnerability ID: CVE-2023-2430

First published: 23-07-2023 02:15:11
Last modified: 23-07-2023 02:15:11

Description:
A vulnerability was found due to a missing lock for the IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in the Linux kernel. This flaw allows a local attacker with user privileges to trigger a denial of service.

CVE ID: CVE-2023-2430
Source: secalert@redhat.com
CVSS score: /

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8 | source: secalert@redhat.com

Vulnerability: CWE-413


Source: checkpoint.com

Vulnerability ID: CVE-2023-28133

First published: 23-07-2023 10:15:09
Last modified: 23-07-2023 12:15:09

Description:
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via a crafted OpenSSL configuration file.

CVE ID: CVE-2023-28133
Source: cve@checkpoint.com
CVSS score: /

References:
https://support.checkpoint.com/results/sk/sk181276 | source: cve@checkpoint.com

Vulnerability: CWE-732


Source: wpscan.com

Vulnerability ID: CVE-2023-2309

First published: 24-07-2023 11:15:09
Last modified: 24-07-2023 11:15:09

Description:
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.

CVE ID: CVE-2023-2309
Source: contact@wpscan.com
CVSS score: /

References:
https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d | source: contact@wpscan.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-2761

First published: 24-07-2023 11:15:09
Last modified: 24-07-2023 11:15:09

Description:
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.

CVE ID: CVE-2023-2761
Source: contact@wpscan.com
CVSS score: /

References:
https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba | source: contact@wpscan.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-3248

First published: 24-07-2023 11:15:09
Last modified: 24-07-2023 11:15:09

Description:
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CVE ID: CVE-2023-3248
Source: contact@wpscan.com
CVSS score: /

References:
https://wpscan.com/vulnerability/90c7496b-552f-4566-b7ae-8c953c965352 | source: contact@wpscan.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3344

First published: 24-07-2023 11:15:09
Last modified: 24-07-2023 11:15:09

Description:
The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CVE ID: CVE-2023-3344
Source: contact@wpscan.com
CVSS score: /

References:
https://wpscan.com/vulnerability/d27bc628-3de1-421e-8a67-150e9d7a96dd | source: contact@wpscan.com

Vulnerability: CWE-79


Source: mozilla.org

Vulnerability ID: CVE-2023-3417

First published: 24-07-2023 11:15:09
Last modified: 24-07-2023 11:15:09

Description:
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1.

CVE ID: CVE-2023-3417
Source: security@mozilla.org
CVSS score: /

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1835582 | source: security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-27/ | source: security@mozilla.org


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.
