Latest vulnerabilities of Monday, November 27, 2023 + weekend


Last update performed on 11/27/2023 at 11:57:01 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2023-48312

First published on : 24-11-2023 18:15:07
Last modified on : 27-11-2023 13:52:21

Description :
capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disabled (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.

CVE ID : CVE-2023-48312
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823 | source : security-advisories@github.com
https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp | source : security-advisories@github.com

Vulnerability : CWE-287


Source : tenable.com

Vulnerability ID : CVE-2023-41998

First published on : 27-11-2023 17:15:07
Last modified on : 27-11-2023 19:03:39

Description :
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

CVE ID : CVE-2023-41998
Source : vulnreport@tenable.com
CVSS Score : 9.8

References :
https://www.tenable.com/security/research/tra-2023-37 | source : vulnreport@tenable.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6329

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

CVE ID : CVE-2023-6329
Source : vulnreport@tenable.com
CVSS Score : 9.8

References :
https://tenable.com/security/research/tra-2023-36 | source : vulnreport@tenable.com

Vulnerability : CWE-287


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : cisco.com

Vulnerability ID : CVE-2023-31275

First published on : 27-11-2023 16:15:07
Last modified on : 27-11-2023 18:15:07

Description :
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-31275
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748 | source : talos-cna@cisco.com

Vulnerability : CWE-457


Vulnerability ID : CVE-2023-32616

First published on : 27-11-2023 16:15:08
Last modified on : 27-11-2023 18:15:07

Description :
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-32616
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1837 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-35985

First published on : 27-11-2023 16:15:09
Last modified on : 27-11-2023 18:15:07

Description :
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-35985
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-38573

First published on : 27-11-2023 16:15:10
Last modified on : 27-11-2023 18:15:07

Description :
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-38573
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1839 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-39542

First published on : 27-11-2023 16:15:10
Last modified on : 27-11-2023 18:15:07

Description :
A code execution vulnerability exists in the JavaScript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-39542
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-40194

First published on : 27-11-2023 16:15:10
Last modified on : 27-11-2023 18:15:07

Description :
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-40194
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-41257

First published on : 27-11-2023 16:15:11
Last modified on : 27-11-2023 18:15:07

Description :
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE ID : CVE-2023-41257
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838 | source : talos-cna@cisco.com

Vulnerability : CWE-843


Source : github.com

Vulnerability ID : CVE-2022-41951

First published on : 27-11-2023 21:15:07
Last modified on : 27-11-2023 21:15:07

Description :
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

CVE ID : CVE-2022-41951
Source : security-advisories@github.com
CVSS Score : 8.5

References :
https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48712

First published on : 24-11-2023 17:15:08
Last modified on : 27-11-2023 13:52:21

Description :
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password, they can subsequently enter a valid non-admin username and password and will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48712
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76 | source : security-advisories@github.com
https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr | source : security-advisories@github.com

Vulnerability : CWE-863


Source : trellix.com

Vulnerability ID : CVE-2023-5607

First published on : 27-11-2023 11:15:08
Last modified on : 27-11-2023 13:52:09

Description :
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

CVE ID : CVE-2023-5607
Source : trellixpsirt@trellix.com
CVSS Score : 8.4

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10411 | source : trellixpsirt@trellix.com

Vulnerability : CWE-22


Source : tenable.com

Vulnerability ID : CVE-2023-41999

First published on : 27-11-2023 17:15:07
Last modified on : 27-11-2023 19:03:39

Description :
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

CVE ID : CVE-2023-41999
Source : vulnreport@tenable.com
CVSS Score : 8.3

References :
https://www.tenable.com/security/research/tra-2023-37 | source : vulnreport@tenable.com

Vulnerability : CWE-287


Source : otrs.com

Vulnerability ID : CVE-2023-6254

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37.

CVE ID : CVE-2023-6254
Source : security@otrs.com
CVSS Score : 8.1

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-11/ | source : security@otrs.com

Vulnerability : CWE-522


Source : emc.com

Vulnerability ID : CVE-2023-44303

First published on : 24-11-2023 03:15:07
Last modified on : 24-11-2023 15:24:57

Description :
RVTools, version 3.9.2 and above, contains a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a user's system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.

CVE ID : CVE-2023-44303
Source : security_alert@emc.com
CVSS Score : 7.5

References :
https://www.dell.com/support/kbdoc/en-us/000219712/dsa-2023-426-security-update-for-rvtools-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-310


Source : redhat.com

Vulnerability ID : CVE-2023-6277

First published on : 24-11-2023 19:15:07
Last modified on : 27-11-2023 13:52:21

Description :
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB.

CVE ID : CVE-2023-6277
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-6277 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2251311 | source : secalert@redhat.com
https://gitlab.com/libtiff/libtiff/-/issues/614 | source : secalert@redhat.com
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 | source : secalert@redhat.com

Vulnerability : CWE-400


Source : huntr.dev

Vulnerability ID : CVE-2023-6293

First published on : 24-11-2023 20:15:07
Last modified on : 27-11-2023 13:52:15

Description :
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.

CVE ID : CVE-2023-6293
Source : security@huntr.dev
CVSS Score : 7.5

References :
https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78 | source : security@huntr.dev
https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2 | source : security@huntr.dev

Vulnerability : CWE-1321


Source : incibe.es

Vulnerability ID : CVE-2023-4590

First published on : 27-11-2023 13:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.

CVE ID : CVE-2023-4590
Source : cve-coordination@incibe.es
CVSS Score : 7.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-frhed | source : cve-coordination@incibe.es

Vulnerability : CWE-119


Source : vuldb.com

Vulnerability ID : CVE-2023-6304

First published on : 27-11-2023 01:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6304
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view | source : cna@vuldb.com
https://vuldb.com/?ctiid.246130 | source : cna@vuldb.com
https://vuldb.com/?id.246130 | source : cna@vuldb.com

Vulnerability : CWE-78


(33) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : tenable.com

Vulnerability ID : CVE-2023-42000

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

CVE ID : CVE-2023-42000
Source : vulnreport@tenable.com
CVSS Score : 6.5

References :
https://www.tenable.com/security/research/tra-2023-37 | source : vulnreport@tenable.com

Vulnerability : CWE-22


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-5885

First published on : 27-11-2023 22:15:08
Last modified on : 27-11-2023 22:15:08

Description :
The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

CVE ID : CVE-2023-5885
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02 | source : ics-cert@hq.dhs.gov
https://www.franklinfueling.com/en/contact-us/ | source : ics-cert@hq.dhs.gov
https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/ | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-35


Source : vuldb.com

Vulnerability ID : CVE-2023-6274

First published on : 24-11-2023 14:15:08
Last modified on : 24-11-2023 15:24:57

Description :
A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6274
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Carol7S/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246103 | source : cna@vuldb.com
https://vuldb.com/?id.246103 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6276

First published on : 24-11-2023 16:15:06
Last modified on : 27-11-2023 13:52:21

Description :
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.

CVE ID : CVE-2023-6276
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/YXuanZ1216/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246105 | source : cna@vuldb.com
https://vuldb.com/?id.246105 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6305

First published on : 27-11-2023 01:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131.

CVE ID : CVE-2023-6305
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246131 | source : cna@vuldb.com
https://vuldb.com/?id.246131 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6306

First published on : 27-11-2023 02:15:42
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132.

CVE ID : CVE-2023-6306
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246132 | source : cna@vuldb.com
https://vuldb.com/?id.246132 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6307

First published on : 27-11-2023 02:15:42
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6307
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/N0b1e6/exp/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246133 | source : cna@vuldb.com
https://vuldb.com/?id.246133 | source : cna@vuldb.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-6308

First published on : 27-11-2023 02:15:42
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6308
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/gatsby2003/Struts2-046/blob/main/Xiamen%20Four-Faith%20Communication%20Technology%20Co.,%20Ltd.%20video%20surveillance%20management%20system%20has%20a%20command%20execution%20vulnerability.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246134 | source : cna@vuldb.com
https://vuldb.com/?id.246134 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6309

First published on : 27-11-2023 02:15:42
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.

CVE ID : CVE-2023-6309
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/moses-smt/mosesdecoder/issues/237 | source : cna@vuldb.com
https://vuldb.com/?ctiid.246135 | source : cna@vuldb.com
https://vuldb.com/?id.246135 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6302

First published on : 27-11-2023 00:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6302
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/t34t/CVE/blob/main/CSZCMS/Code-Execution-Vulnerability-in-cszcmsV1.3.0.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246128 | source : cna@vuldb.com
https://vuldb.com/?id.246128 | source : cna@vuldb.com

Vulnerability : CWE-275


Vulnerability ID : CVE-2023-6310

First published on : 27-11-2023 02:15:43
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136.

CVE ID : CVE-2023-6310
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20browser.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246136 | source : cna@vuldb.com
https://vuldb.com/?id.246136 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6311

First published on : 27-11-2023 02:15:43
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246137 was assigned to this vulnerability.

CVE ID : CVE-2023-6311
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20deleteltype.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246137 | source : cna@vuldb.com
https://vuldb.com/?id.246137 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6312

First published on : 27-11-2023 03:15:07
Last modified on : 27-11-2023 13:52:09

Description :
A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6312
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20deleteuser.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246138 | source : cna@vuldb.com
https://vuldb.com/?id.246138 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6296

First published on : 26-11-2023 22:15:06
Last modified on : 27-11-2023 17:15:09

Description :
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6296
Source : cna@vuldb.com
CVSS Score : 4.3

References :
http://packetstormsecurity.com/files/175925/osCommerce-4-Cross-Site-Scripting.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.246122 | source : cna@vuldb.com
https://vuldb.com/?id.246122 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6297

First published on : 26-11-2023 23:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.

CVE ID : CVE-2023-6297
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/niv_testing_rxss/blob/main/exploit.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246123 | source : cna@vuldb.com
https://vuldb.com/?id.246123 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6298

First published on : 26-11-2023 23:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6298
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/drive/folders/1OBAeGH_rNfa1os6g6QlIt4pL-2NKHZm_?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.246124 | source : cna@vuldb.com
https://vuldb.com/?id.246124 | source : cna@vuldb.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-6299

First published on : 26-11-2023 23:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.2. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6299
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.246125 | source : cna@vuldb.com
https://vuldb.com/?id.246125 | source : cna@vuldb.com

Vulnerability : CWE-401


Source : apache.org

Vulnerability ID : CVE-2023-40610

First published on : 27-11-2023 11:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result in tampering with the authentication/authorization data.

CVE ID : CVE-2023-40610
Source : security@apache.org
CVSS Score : 6.3

References :
http://www.openwall.com/lists/oss-security/2023/11/27/2 | source : security@apache.org
https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot | source : security@apache.org

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-42501

First published on : 27-11-2023 11:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

CVE ID : CVE-2023-42501
Source : security@apache.org
CVSS Score : 4.3

References :
http://www.openwall.com/lists/oss-security/2023/11/27/3 | source : security@apache.org
https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh | source : security@apache.org

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-43701

First published on : 27-11-2023 11:15:07
Last modified on : 27-11-2023 15:15:07

Description :
Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart's metadata; this code could be executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

CVE ID : CVE-2023-43701
Source : security@apache.org
CVSS Score : 4.3

References :
https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892 | source : security@apache.org
https://www.openwall.com/lists/oss-security/2023/11/27/4 | source : security@apache.org

Vulnerability : CWE-79


Source : incibe.es

Vulnerability ID : CVE-2023-4931

First published on : 27-11-2023 14:15:07
Last modified on : 27-11-2023 16:35:06

Description :
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.

CVE ID : CVE-2023-4931
Source : cve-coordination@incibe.es
CVSS Score : 6.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-plesk | source : cve-coordination@incibe.es

Vulnerability : CWE-427


Source : redhat.com

Vulnerability ID : CVE-2023-5871

First published on : 27-11-2023 12:15:07
Last modified on : 27-11-2023 13:52:09

Description :
A flaw was found in libnbd in its handling of a malicious Network Block Device (NBD) server. NBD is a protocol for accessing block devices such as hard disks over a network. This issue may allow a malicious NBD server to cause a Denial of Service.

CVE ID : CVE-2023-5871
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-5871 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247308 | source : secalert@redhat.com
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/ | source : secalert@redhat.com

Vulnerability : CWE-400


Source : github.com

Vulnerability ID : CVE-2023-48707

First published on : 24-11-2023 18:15:07
Last modified on : 27-11-2023 13:52:21

Description :
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48707
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/codeigniter4/shield/commit/f77c6ae20275ac1245330a2b9a523bf7e6f6202f | source : security-advisories@github.com
https://github.com/codeigniter4/shield/security/advisories/GHSA-v427-c49j-8w6x | source : security-advisories@github.com

Vulnerability : CWE-312


Vulnerability ID : CVE-2023-48708

First published on : 24-11-2023 18:15:07
Last modified on : 27-11-2023 13:52:21

Description :
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts in the configuration files.

CVE ID : CVE-2023-48708
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://codeigniter4.github.io/shield/getting_started/authenticators/ | source : security-advisories@github.com
https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4 | source : security-advisories@github.com
https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w | source : security-advisories@github.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-32062

First published on : 27-11-2023 22:15:07
Last modified on : 27-11-2023 22:15:07

Description :
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

CVE ID : CVE-2023-32062
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b | source : security-advisories@github.com
https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531 | source : security-advisories@github.com
https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g | source : security-advisories@github.com

Vulnerability : CWE-284


Source : mattermost.com

Vulnerability ID : CVE-2023-47865

First published on : 27-11-2023 09:15:32
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled.

CVE ID : CVE-2023-47865
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-40703

First published on : 27-11-2023 10:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards, allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.

CVE ID : CVE-2023-40703
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-43754

First published on : 27-11-2023 10:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

CVE ID : CVE-2023-43754
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-45223

First published on : 27-11-2023 10:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.

CVE ID : CVE-2023-45223
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-47168

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=

CVE ID : CVE-2023-47168
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2023-48268

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

CVE ID : CVE-2023-48268
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-48369

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.

CVE ID : CVE-2023-48369
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-6202

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.

CVE ID : CVE-2023-6202
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


(10) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-48711

First published on : 24-11-2023 17:15:07
Last modified on : 27-11-2023 13:52:21

Description :
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48711
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/cjvnjde/google-translate-api-browser/commit/33c2eac4a21c6504409e7b06dd16e6346f93d34b | source : security-advisories@github.com
https://github.com/cjvnjde/google-translate-api-browser/security/advisories/GHSA-4233-7q5q-m7p6 | source : security-advisories@github.com

Vulnerability : CWE-918


Source : checkmk.com

Vulnerability ID : CVE-2023-6251

First published on : 24-11-2023 09:15:09
Last modified on : 24-11-2023 15:24:57

Description :
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows an authenticated attacker to delete user-messages for individual users.

CVE ID : CVE-2023-6251
Source : security@checkmk.com
CVSS Score : 3.5

References :
https://checkmk.com/werk/16224 | source : security@checkmk.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-6287

First published on : 27-11-2023 14:15:08
Last modified on : 27-11-2023 16:35:06

Description :
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords by reading log files.

CVE ID : CVE-2023-6287
Source : security@checkmk.com
CVSS Score : 3.3

References :
https://checkmk.com/werk/9554 | source : security@checkmk.com

Vulnerability : CWE-200
Vulnerability : CWE-598


Source : vuldb.com

Vulnerability ID : CVE-2023-6275

First published on : 24-11-2023 15:15:07
Last modified on : 24-11-2023 15:24:57

Description :
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6275
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.246104 | source : cna@vuldb.com
https://vuldb.com/?id.246104 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6300

First published on : 27-11-2023 00:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6300
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246126 | source : cna@vuldb.com
https://vuldb.com/?id.246126 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6301

First published on : 27-11-2023 00:15:07
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127.

CVE ID : CVE-2023-6301
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246127 | source : cna@vuldb.com
https://vuldb.com/?id.246127 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6313

First published on : 27-11-2023 03:15:07
Last modified on : 27-11-2023 13:52:09

Description :
A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246139.

CVE ID : CVE-2023-6313
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/url-shortener.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246139 | source : cna@vuldb.com
https://vuldb.com/?id.246139 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6303

First published on : 27-11-2023 00:15:08
Last modified on : 27-11-2023 13:52:15

Description :
A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input <svg><animate onbegin=alert(1) attributeName=x dur=1s> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6303
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/t34t/CVE/blob/main/CSZCMS/0-Store-XSS-Vulnerability-in-cszcmsV1.3.0.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246129 | source : cna@vuldb.com
https://vuldb.com/?id.246129 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-26279

First published on : 24-11-2023 00:15:10
Last modified on : 24-11-2023 15:24:57

Description :
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

CVE ID : CVE-2023-26279
Source : psirt@us.ibm.com
CVSS Score : 3.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/213551 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7081403 | source : psirt@us.ibm.com

Vulnerability : CWE-116


Source : mattermost.com

Vulnerability ID : CVE-2023-35075

First published on : 27-11-2023 10:15:07
Last modified on : 27-11-2023 13:52:09

Description :
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though.

CVE ID : CVE-2023-35075
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.1

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-74


(47) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-33706

First published on : 24-11-2023 02:15:42
Last modified on : 24-11-2023 15:24:57

Description :
SysAid before 23.2.15 allows Insecure Direct Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.

CVE ID : CVE-2023-33706
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.pridesec.com.br/en/insecure-direct-object-reference-idor-affects-helpdesk-sysaid/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38914

First published on : 24-11-2023 13:15:07
Last modified on : 24-11-2023 13:15:07

Description :
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-38914
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-46575

First published on : 24-11-2023 14:15:08
Last modified on : 24-11-2023 15:24:57

Description :
A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.

CVE ID : CVE-2023-46575
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f | source : cve@mitre.org
https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179 | source : cve@mitre.org
https://github.com/meshery/meshery/pull/9372 | source : cve@mitre.org
https://meshery.io | source : cve@mitre.org


Vulnerability ID : CVE-2023-49298

First published on : 24-11-2023 19:15:07
Last modified on : 27-11-2023 13:52:21

Description :
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.

CVE ID : CVE-2023-49298
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 | source : cve@mitre.org
https://github.com/openzfs/zfs/issues/15526 | source : cve@mitre.org
https://github.com/openzfs/zfs/pull/15571 | source : cve@mitre.org
https://news.ycombinator.com/item?id=38405731 | source : cve@mitre.org
https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files | source : cve@mitre.org


Vulnerability ID : CVE-2023-49312

First published on : 26-11-2023 22:15:06
Last modified on : 27-11-2023 13:52:15

Description :
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.

CVE ID : CVE-2023-49312
Source : cve@mitre.org
CVSS Score : /

References :
https://precisionbridge.net/738vulnerability | source : cve@mitre.org
https://processhacker.sourceforge.io/archive/website_v2/features.php | source : cve@mitre.org


Vulnerability ID : CVE-2023-49321

First published on : 27-11-2023 00:15:07
Last modified on : 27-11-2023 13:52:15

Description :
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

CVE ID : CVE-2023-49321
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories/cve-2023-01 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49322

First published on : 27-11-2023 00:15:07
Last modified on : 27-11-2023 13:52:15

Description :
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

CVE ID : CVE-2023-49322
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories/cve-2023-02 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49029

First published on : 27-11-2023 16:15:11
Last modified on : 27-11-2023 16:35:06

Description :
Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.

CVE ID : CVE-2023-49029
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Chiaki2333/717b83b800180e1a4c3ee5f6e49f95c0 | source : cve@mitre.org
https://github.com/Chiaki2333/vulnerability/blob/main/smpn1smg-absis-XSS-lock.php-nama.md | source : cve@mitre.org
https://github.com/smpn1smg/absis | source : cve@mitre.org


Vulnerability ID : CVE-2023-49043

First published on : 27-11-2023 16:15:11
Last modified on : 27-11-2023 16:35:06

Description :
Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

CVE ID : CVE-2023-49043
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/fromSetWirelessRepeat.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49046

First published on : 27-11-2023 16:15:11
Last modified on : 27-11-2023 16:35:06

Description :
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

CVE ID : CVE-2023-49046
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/formAddMacfilterRule.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49028

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file.

CVE ID : CVE-2023-49028
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Chiaki2333/d132c4b169b55bd7cd50e73dbe20c410 | source : cve@mitre.org
https://github.com/Chiaki2333/vulnerability/blob/main/smpn1smg-absis-XSS-lock.php-user.md | source : cve@mitre.org
https://github.com/smpn1smg/absis | source : cve@mitre.org


Vulnerability ID : CVE-2023-49040

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.

CVE ID : CVE-2023-49040
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_internet_set.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49042

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

CVE ID : CVE-2023-49042
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/setSchedWifi.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49047

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.

CVE ID : CVE-2023-49047
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/formSetDeviceName.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49316

First published on : 27-11-2023 18:15:07
Last modified on : 27-11-2023 19:03:35

Description :
In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.

CVE ID : CVE-2023-49316
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f | source : cve@mitre.org
https://github.com/phpseclib/phpseclib/releases/tag/3.0.34 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48034

First published on : 27-11-2023 21:15:07
Last modified on : 27-11-2023 21:15:07

Description :
An issue discovered in Acer Wireless Keyboard SK-9662 allows an attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

CVE ID : CVE-2023-48034
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/aprkr/CVE-2023-48034 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49030

First published on : 27-11-2023 21:15:07
Last modified on : 27-11-2023 21:15:07

Description :
SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.

CVE ID : CVE-2023-49030
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Chiaki2333/f09b47a39e175932d8a2360e439194d5 | source : cve@mitre.org
https://github.com/32ns/KLive | source : cve@mitre.org
https://github.com/Chiaki2333/vulnerability/blob/main/32ns-KLive-SQL-user.php.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49044

First published on : 27-11-2023 21:15:07
Last modified on : 27-11-2023 21:15:07

Description :
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.

CVE ID : CVE-2023-49044
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-42363

First published on : 27-11-2023 22:15:07
Last modified on : 27-11-2023 22:15:07

Description :
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

CVE ID : CVE-2023-42363
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.busybox.net/show_bug.cgi?id=15865 | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-48796

First published on : 24-11-2023 08:15:20
Last modified on : 24-11-2023 15:24:57

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section in the `application.yaml` file:

```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

CVE ID : CVE-2023-48796
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/24/1 | source : security@apache.org
https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49068

First published on : 27-11-2023 10:15:08
Last modified on : 27-11-2023 13:52:09

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators.

CVE ID : CVE-2023-49068
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/dolphinscheduler/pull/15192 | source : security@apache.org
https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq | source : security@apache.org

Vulnerability : CWE-200


Source : navercorp.com

Vulnerability ID : CVE-2023-25632

First published on : 27-11-2023 07:15:43
Last modified on : 27-11-2023 13:52:09

Description :
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

CVE ID : CVE-2023-25632
Source : cve@navercorp.com
CVSS Score : /

References :
https://cve.naver.com/detail/cve-2023-25632.html | source : cve@navercorp.com

Vulnerability : CWE-284


Source : wpscan.com

Vulnerability ID : CVE-2023-2707

First published on : 27-11-2023 17:15:07
Last modified on : 27-11-2023 19:03:39

Description :
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-2707
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e5664da4-5b78-4e42-be6b-e0d7b73a85b0 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4252

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.

CVE ID : CVE-2023-4252
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d2019e59-db6c-4014-8057-0644c9a00665 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4297

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

CVE ID : CVE-2023-4297
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4514

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4514
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/365b15e6-3755-4ed5-badd-c9dd962bd9fa | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4642

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition.

CVE ID : CVE-2023-4642
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4922

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:39

Description :
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.

CVE ID : CVE-2023-4922
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5209

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-5209
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/dea6077a-81ee-451f-b049-3749a2252c88 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5239

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.

CVE ID : CVE-2023-5239
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5325

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS.

CVE ID : CVE-2023-5325
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e93841ef-e113-41d3-9fa1-b21af85bd812 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5525

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

CVE ID : CVE-2023-5525
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5559

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

CVE ID : CVE-2023-5559
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5560

First published on : 27-11-2023 17:15:08
Last modified on : 27-11-2023 19:03:35

Description :
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.

CVE ID : CVE-2023-5560
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/55d23184-fc5a-4090-b079-142407b59b05 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5604

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

CVE ID : CVE-2023-5604
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/4ce69d71-87bf-4d95-90f2-63d558c78b69 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5611

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

CVE ID : CVE-2023-5611
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5620

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

CVE ID : CVE-2023-5620
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5641

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE ID : CVE-2023-5641
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c0a6c253-71f2-415d-a6ec-022f2eafc13b | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5653

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins

CVE ID : CVE-2023-5653
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5737

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.

CVE ID : CVE-2023-5737
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c761c67c-eab8-4e1b-a332-c9a45e22bb13 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5738

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

CVE ID : CVE-2023-5738
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7f935916-9a1a-40c7-b6d8-efcc46eb8eaf | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5845

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags

CVE ID : CVE-2023-5845
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d5b59e9e-85e5-4d26-aebe-64757c8495fa | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5906

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.

CVE ID : CVE-2023-5906
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5942

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-5942
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/914559e1-eed5-4a69-8371-a48055835453 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5958

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

CVE ID : CVE-2023-5958
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5974

First published on : 27-11-2023 17:15:09
Last modified on : 27-11-2023 19:03:35

Description :
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

CVE ID : CVE-2023-5974
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5 | source : contact@wpscan.com


Source : wordfence.com

Vulnerability ID : CVE-2023-5773

First published on : 27-11-2023 22:15:08
Last modified on : 27-11-2023 22:15:08

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-5773
Source : security@wordfence.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
