Latest vulnerabilities of Friday, October 27, 2023


Last update performed on 10/27/2023 at 11:58:01 PM

(9) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : apache.org

Vulnerability ID : CVE-2023-46604

First published on : 27-10-2023 15:15:14
Last modified on : 27-10-2023 18:15:21

Description :
Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.

CVE ID : CVE-2023-46604
Source : security@apache.org
CVSS Score : 10.0

References :
http://www.openwall.com/lists/oss-security/2023/10/27/5 | source : security@apache.org
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt | source : security@apache.org

Vulnerability : CWE-502


Source : fluidattacks.com

Vulnerability ID : CVE-2023-43738

First published on : 27-10-2023 03:15:07
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-43738
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44162

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44162
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44375

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44375
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44376

First published on : 27-10-2023 13:15:08
Last modified on : 27-10-2023 13:15:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44376
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44377

First published on : 27-10-2023 13:15:08
Last modified on : 27-10-2023 13:15:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44377
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44480

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44480
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/martin/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5807

First published on : 27-10-2023 13:15:08
Last modified on : 27-10-2023 13:15:08

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.

CVE ID : CVE-2023-5807
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0608 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : wordfence.com

Vulnerability ID : CVE-2023-5820

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5820
Source : security@wordfence.com
CVSS Score : 9.6

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


(18) HIGH VULNERABILITIES [7.0, 8.9]

Source : lenovo.com

Vulnerability ID : CVE-2022-34886

First published on : 27-10-2023 19:15:40
Last modified on : 27-10-2023 19:15:40

Description :
A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.

CVE ID : CVE-2022-34886
Source : psirt@lenovo.com
CVSS Score : 8.8

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2022-3701

First published on : 27-10-2023 20:15:08
Last modified on : 27-10-2023 20:15:08

Description :
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

CVE ID : CVE-2022-3701
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-3611

First published on : 27-10-2023 20:15:08
Last modified on : 27-10-2023 20:15:08

Description :
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

CVE ID : CVE-2022-3611
Source : psirt@lenovo.com
CVSS Score : 7.6

References :
https://iknow.lenovo.com.cn/detail/205280.html | source : psirt@lenovo.com

Vulnerability : CWE-200


Source : citrix.com

Vulnerability ID : CVE-2023-4967

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

CVE ID : CVE-2023-4967
Source : secure@citrix.com
CVSS Score : 8.2

References :
https://support.citrix.com/article/CTX579459/ | source : secure@citrix.com

Vulnerability : CWE-119


Source : rockwellautomation.com

Vulnerability ID : CVE-2023-46290

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user did not previously log in to the FactoryTalk® Services Platform web service.

CVE ID : CVE-2023-46290
Source : PSIRT@rockwellautomation.com
CVSS Score : 8.1

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27854

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.

CVE ID : CVE-2023-27854
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.8

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-27858

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.

CVE ID : CVE-2023-27858
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.8

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-824


Vulnerability ID : CVE-2023-46289

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

CVE ID : CVE-2023-46289
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.5

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Source : vmware.com

Vulnerability ID : CVE-2023-34057

First published on : 27-10-2023 05:15:38
Last modified on : 27-10-2023 12:41:08

Description :
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

CVE ID : CVE-2023-34057
Source : security@vmware.com
CVSS Score : 7.8

References :
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34058

First published on : 27-10-2023 05:15:38
Last modified on : 27-10-2023 12:41:08

Description :
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CVE ID : CVE-2023-34058
Source : security@vmware.com
CVSS Score : 7.5

References :
http://www.openwall.com/lists/oss-security/2023/10/27/1 | source : security@vmware.com
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34059

First published on : 27-10-2023 05:15:39
Last modified on : 27-10-2023 12:41:08

Description :
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

CVE ID : CVE-2023-34059
Source : security@vmware.com
CVSS Score : 7.4

References :
http://www.openwall.com/lists/oss-security/2023/10/27/2 | source : security@vmware.com
http://www.openwall.com/lists/oss-security/2023/10/27/3 | source : security@vmware.com
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5570

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12.

CVE ID : CVE-2023-5570
Source : cve@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0609 | source : cve@usom.gov.tr

Vulnerability : CWE-1320


Vulnerability ID : CVE-2023-5443

First published on : 27-10-2023 14:15:08
Last modified on : 27-10-2023 14:15:08

Description :
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.

CVE ID : CVE-2023-5443
Source : cve@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0610 | source : cve@usom.gov.tr

Vulnerability : CWE-1320


Source : vuldb.com

Vulnerability ID : CVE-2023-5828

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.

CVE ID : CVE-2023-5828
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc | source : cna@vuldb.com
https://vuldb.com/?ctiid.243727 | source : cna@vuldb.com
https://vuldb.com/?id.243727 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5830

First published on : 27-10-2023 21:15:10
Last modified on : 27-10-2023 21:15:10

Description :
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.

CVE ID : CVE-2023-5830
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://vuldb.com/?ctiid.243729 | source : cna@vuldb.com
https://vuldb.com/?id.243729 | source : cna@vuldb.com

Vulnerability : CWE-287


Source : patchstack.com

Vulnerability ID : CVE-2023-46153

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.

CVE ID : CVE-2023-46153
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46208

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.

CVE ID : CVE-2023-46208
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46209

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.

CVE ID : CVE-2023-46209
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(26) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : lenovo.com

Vulnerability ID : CVE-2022-3429

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

CVE ID : CVE-2022-3429
Source : psirt@lenovo.com
CVSS Score : 6.5

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-3681

First published on : 27-10-2023 20:15:08
Last modified on : 27-10-2023 20:15:08

Description :
A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.

CVE ID : CVE-2022-3681
Source : psirt@lenovo.com
CVSS Score : 6.5

References :
https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523 | source : psirt@lenovo.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2022-3700

First published on : 27-10-2023 20:15:08
Last modified on : 27-10-2023 20:15:08

Description :
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

CVE ID : CVE-2022-3700
Source : psirt@lenovo.com
CVSS Score : 6.1

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-3702

First published on : 27-10-2023 20:15:08
Last modified on : 27-10-2023 20:15:08

Description :
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.

CVE ID : CVE-2022-3702
Source : psirt@lenovo.com
CVSS Score : 6.1

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-34887

First published on : 27-10-2023 19:15:40
Last modified on : 27-10-2023 19:15:40

Description :
Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

CVE ID : CVE-2022-34887
Source : psirt@lenovo.com
CVSS Score : 4.3

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-287


Source : patchstack.com

Vulnerability ID : CVE-2023-46211

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.

CVE ID : CVE-2023-46211
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46091

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

CVE ID : CVE-2023-46091
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46093

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions.

CVE ID : CVE-2023-46093
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46192

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.

CVE ID : CVE-2023-46192
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46199

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions.

CVE ID : CVE-2023-46199
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32738

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.

CVE ID : CVE-2023-32738
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/eonet-manual-user-approve/wordpress-eonet-manual-user-approve-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46200

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.

CVE ID : CVE-2023-46200
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-3-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46194

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions.

CVE ID : CVE-2023-46194
Source : audit@patchstack.com
CVSS Score : 5.8

References :
https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-5051

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5051
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5774

First published on : 27-10-2023 11:15:13
Last modified on : 27-10-2023 12:41:08

Description :
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5774
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2984228/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5817

First published on : 27-10-2023 11:15:13
Last modified on : 27-10-2023 12:41:08

Description :
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5817
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://drive.google.com/file/d/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3/view?usp=sharing | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984188%40neon-text&new=2984188%40neon-text&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5705

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5705
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/vk-filter-search/tags/2.3.1/inc/filter-search/package/class-vk-filter-search-shortcode.php#L40 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2983339/vk-filter-search#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5821

First published on : 27-10-2023 12:15:09
Last modified on : 27-10-2023 12:41:08

Description :
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5821
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/1263536/wp-responsive-slider-with-lightbox/trunk/wp-responsive-slider-with-lightbox.php | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-thumbnail-slider | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2023-5813

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.

CVE ID : CVE-2023-5813
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.243644 | source : cna@vuldb.com
https://vuldb.com/?id.243644 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5814

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.

CVE ID : CVE-2023-5814
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.243645 | source : cna@vuldb.com
https://vuldb.com/?id.243645 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5829

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.

CVE ID : CVE-2023-5829
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/lxxcute/Bug/blob/main/Admission%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243728 | source : cna@vuldb.com
https://vuldb.com/?id.243728 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5826

First published on : 27-10-2023 18:15:22
Last modified on : 27-10-2023 18:15:22

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID : CVE-2023-5826
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Cubi123123123/cve/blob/main/NS-ASG-sql-list_onlineuser.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243716 | source : cna@vuldb.com
https://vuldb.com/?id.243716 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5827

First published on : 27-10-2023 18:15:22
Last modified on : 27-10-2023 18:15:22

Description :
A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability.

CVE ID : CVE-2023-5827
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Ox1dq/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243717 | source : cna@vuldb.com
https://vuldb.com/?id.243717 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5812

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-243643.

CVE ID : CVE-2023-5812
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/flusity/flusity-CMS/issues/4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243643 | source : cna@vuldb.com
https://vuldb.com/?id.243643 | source : cna@vuldb.com

Vulnerability : CWE-434


Source : github.com

Vulnerability ID : CVE-2023-29009

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.

CVE ID : CVE-2023-29009
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://basercms.net/security/JVN_45547161 | source : security-advisories@github.com
https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0 | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46246

First published on : 27-10-2023 19:15:41
Last modified on : 27-10-2023 19:15:41

Description :
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially a later use-after-free. This vulnerability has been patched in version 9.0.2068.

CVE ID : CVE-2023-46246
Source : security-advisories@github.com
CVSS Score : 4.0

References :
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a | source : security-advisories@github.com
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm | source : security-advisories@github.com

Vulnerability : CWE-190
Vulnerability : CWE-416


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-5810

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.

CVE ID : CVE-2023-5810
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 | source : cna@vuldb.com
https://github.com/flusity/flusity-CMS/issues/2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243641 | source : cna@vuldb.com
https://vuldb.com/?id.243641 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5811

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5811
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 | source : cna@vuldb.com
https://github.com/flusity/flusity-CMS/issues/3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243642 | source : cna@vuldb.com
https://vuldb.com/?id.243642 | source : cna@vuldb.com

Vulnerability : CWE-79


(46) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-42188

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-42188
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Thecosy/IceCMS/issues/17 | source : cve@mitre.org
https://topdayplus.github.io/2023/10/27/CVE-deatail/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46374

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).

CVE ID : CVE-2023-46374
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee | source : cve@mitre.org


Vulnerability ID : CVE-2023-46491

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.

CVE ID : CVE-2023-46491
Source : cve@mitre.org
CVSS Score : /

References :
https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46375

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-46375
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46376

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.

CVE ID : CVE-2023-46376
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46505

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.

CVE ID : CVE-2023-46505
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/FanCMS/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46813

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

CVE ID : CVE-2023-46813
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1212649 | source : cve@mitre.org
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-45498

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 19:15:41

Description :
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.

CVE ID : CVE-2023-45498
Source : cve@mitre.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2023/Oct/31 | source : cve@mitre.org
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45499

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 19:15:41

Description :
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.

CVE ID : CVE-2023-45499
Source : cve@mitre.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2023/Oct/31 | source : cve@mitre.org
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46503

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.

CVE ID : CVE-2023-46503
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/YXBOOKCMS/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46504

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.

CVE ID : CVE-2023-46504
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/YXBOOKCMS/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46815

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

CVE ID : CVE-2023-46815
Source : cve@mitre.org
CVSS Score : /

References :
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46816

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.

CVE ID : CVE-2023-46816
Source : cve@mitre.org
CVSS Score : /

References :
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46818

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

CVE ID : CVE-2023-46818
Source : cve@mitre.org
CVSS Score : /

References :
https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46393

First published on : 27-10-2023 14:15:08
Last modified on : 27-10-2023 14:15:08

Description :
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

CVE ID : CVE-2023-46393
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/gouguopen/gougucms/issues/I88TKH | source : cve@mitre.org


Vulnerability ID : CVE-2023-46394

First published on : 27-10-2023 14:15:08
Last modified on : 27-10-2023 14:15:08

Description :
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.

CVE ID : CVE-2023-46394
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/gouguopen/gougucms/issues/I88TC0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46407

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

CVE ID : CVE-2023-46407
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 | source : cve@mitre.org
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen@gmail.com/ | source : cve@mitre.org
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen@gmail.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46852

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

CVE ID : CVE-2023-46852
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 | source : cve@mitre.org
https://github.com/memcached/memcached/compare/1.6.21...1.6.22 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46853

First published on : 27-10-2023 20:15:09
Last modified on : 27-10-2023 20:15:09

Description :
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

CVE ID : CVE-2023-46853
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa | source : cve@mitre.org
https://github.com/memcached/memcached/compare/1.6.21...1.6.22 | source : cve@mitre.org


Vulnerability ID : CVE-2022-34832

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.

CVE ID : CVE-2022-34832
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/xxe-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-34833

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.

CVE ID : CVE-2022-34833
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/1-stored-xss-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-34834

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

CVE ID : CVE-2022-34834
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-35794

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

CVE ID : CVE-2023-35794
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking | source : cve@mitre.org
https://www.cassianetworks.com/products/iot-access-controller/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46509

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.

CVE ID : CVE-2023-46509
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46510

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.

CVE ID : CVE-2023-46510
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ATonysan/58ace23d539981441bca16ce0f7585e2 | source : cve@mitre.org


Source : sonicwall.com

Vulnerability ID : CVE-2023-44219

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.

CVE ID : CVE-2023-44219
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016 | source : PSIRT@sonicwall.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-44220

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.

CVE ID : CVE-2023-44220
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 | source : PSIRT@sonicwall.com

Vulnerability : CWE-427


Source : android.com

Vulnerability ID : CVE-2023-40116

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40116
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40117

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40117
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945 | source : security@android.com
https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40120

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40120
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40121

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40121
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40123

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40123
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40125

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40125
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40127

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40127
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40128

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40128
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40129

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40129
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40130

First published on : 27-10-2023 21:15:08
Last modified on : 27-10-2023 21:15:08

Description :
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40130
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40131

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40131
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40133

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40133
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40134

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40134
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40135

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40135
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40136

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40136
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40137

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40137
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40138

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40138
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40139

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40139
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40140

First published on : 27-10-2023 21:15:09
Last modified on : 27-10-2023 21:15:09

Description :
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40140
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
