Latest vulnerabilities of Saturday, October 21, 2023

Latest vulnerabilities of Saturday, October 21, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 10/21/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5132

First published on : 21-10-2023 02:15:07
Last modified on : 21-10-2023 08:33:34

Description :
The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).

CVE ID : CVE-2023-5132
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Source : github.com

Vulnerability ID : CVE-2023-45664

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.

CVE ID : CVE-2023-45664
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45666

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed

CVE ID : CVE-2023-45666
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45676

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.

CVE ID : CVE-2023-45676
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45677

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.

CVE ID : CVE-2023-45677
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45679

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.

CVE ID : CVE-2023-45679
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45681

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.

CVE ID : CVE-2023-45681
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


(14) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-45661

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.

CVE ID : CVE-2023-45661
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-45662

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.

CVE ID : CVE-2023-45662
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-45675

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.

CVE ID : CVE-2023-45675
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45678

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.

CVE ID : CVE-2023-45678
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45663

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

CVE ID : CVE-2023-45663
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-908


Vulnerability ID : CVE-2023-45667

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

CVE ID : CVE-2023-45667
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-45680

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.

CVE ID : CVE-2023-45680
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-45682

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.

CVE ID : CVE-2023-45682
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Source : wordfence.com

Vulnerability ID : CVE-2023-5205

First published on : 21-10-2023 08:15:09
Last modified on : 21-10-2023 08:33:34

Description :
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5205
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/add-custom-body-class/trunk/add-custom-body-class.php#L32 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4635

First published on : 21-10-2023 08:15:08
Last modified on : 21-10-2023 08:33:34

Description :
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-4635
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/xsn1210/vul/blob/main/xss%5BEventON%5D%20.md | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4939

First published on : 21-10-2023 08:15:08
Last modified on : 21-10-2023 08:33:34

Description :
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences.

CVE ID : CVE-2023-4939
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Admin/Controller/CallbackController.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Includes/Helper.php#L376 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=cve | source : security@wordfence.com

Vulnerability : CWE-305


Source : vuldb.com

Vulnerability ID : CVE-2023-5683

First published on : 21-10-2023 05:16:07
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5683
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yaphetszz/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243059 | source : cna@vuldb.com
https://vuldb.com/?id.243059 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-5684

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5684
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Chef003/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243061 | source : cna@vuldb.com
https://vuldb.com/?id.243061 | source : cna@vuldb.com

Vulnerability : CWE-78


Source : patchstack.com

Vulnerability ID : CVE-2023-46067

First published on : 21-10-2023 21:15:08
Last modified on : 21-10-2023 21:15:08

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

CVE ID : CVE-2023-46067
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


(0) LOW VULNERABILITIES [0.1, 3.9]

(7) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-38190

First published on : 21-10-2023 01:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.

CVE ID : CVE-2023-38190
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0014/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38192

First published on : 21-10-2023 01:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.

CVE ID : CVE-2023-38192
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0011/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38193

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.

CVE ID : CVE-2023-38193
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2023-0015/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38194

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.

CVE ID : CVE-2023-38194
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0013/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46003

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.

CVE ID : CVE-2023-46003
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/@ray.999/stored-xss-in-i-doit-pro-25-and-below-cve-2023-46003-17fb8d6fe2e9 | source : cve@mitre.org
https://www.i-doit.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46054

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.

CVE ID : CVE-2023-46054
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46055

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.

CVE ID : CVE-2023-46055
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.