Latest vulnerabilities of Thursday, October 26, 2023


Last update performed on 10/26/2023 at 11:58:02 PM

(9) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : palantir.com

Vulnerability ID : CVE-2023-30967

First published on : 26-10-2023 00:15:10
Last modified on : 26-10-2023 11:44:17

Description :
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.

CVE ID : CVE-2023-30967
Source : cve-coordination@palantir.com
CVSS Score : 9.8

References :
https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79 | source : cve-coordination@palantir.com


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-42769

First published on : 26-10-2023 17:15:08
Last modified on : 26-10-2023 17:33:34

Description :
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.

CVE ID : CVE-2023-42769
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | source : ics-cert@hq.dhs.gov
https://www.sielco.org/en/contacts | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-46661

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

CVE ID : CVE-2023-46661
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-46665

First published on : 26-10-2023 21:15:08
Last modified on : 26-10-2023 21:15:08

Description :
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gaining unauthorized access to the affected device with administrative privileges.

CVE ID : CVE-2023-46665
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-5754

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.

CVE ID : CVE-2023-5754
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.1

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-307


Source : fluidattacks.com

Vulnerability ID : CVE-2023-44267

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44267
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Source : f5.com

Vulnerability ID : CVE-2023-46747

First published on : 26-10-2023 21:15:08
Last modified on : 26-10-2023 21:15:08

Description :
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-46747
Source : f5sirt@f5.com
CVSS Score : 9.8

References :
https://my.f5.com/manage/s/article/K000137353 | source : f5sirt@f5.com

Vulnerability : CWE-288


Source : elastic.co

Vulnerability ID : CVE-2023-31422

First published on : 26-10-2023 02:15:08
Last modified on : 26-10-2023 11:44:17

Description :
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.

CVE ID : CVE-2023-31422
Source : bressers@elastic.co
CVSS Score : 9.0

References :
https://discuss.elastic.co/t/kibana-8-10-1-security-update/343287 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Source : mitre.org

Vulnerability ID : CVE-2023-45869

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php). This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.

CVE ID : CVE-2023-45869
Source : cve@mitre.org
CVSS Score : 9.0

References :
https://rehmeinfosec.de/labor/cve-2023-45869 | source : cve@mitre.org
https://rehmeinfosec.de/report/358ad5f6-f712-4f74-a5ee-476efc856cbc/ | source : cve@mitre.org


(26) HIGH VULNERABILITIES [7.0, 8.9]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-45317

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVE ID : CVE-2023-45317
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | source : ics-cert@hq.dhs.gov
https://www.sielco.org/en/contacts | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-0897

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

CVE ID : CVE-2023-0897
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-384


Vulnerability ID : CVE-2023-39427

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-39427
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-39936

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-39936
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-46662

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

CVE ID : CVE-2023-46662
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-46663

First published on : 26-10-2023 21:15:07
Last modified on : 26-10-2023 21:15:07

Description :
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

CVE ID : CVE-2023-46663
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-46664

First published on : 26-10-2023 21:15:07
Last modified on : 26-10-2023 21:15:07

Description :
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

CVE ID : CVE-2023-46664
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Source : f5.com

Vulnerability ID : CVE-2023-46748

First published on : 26-10-2023 21:15:08
Last modified on : 26-10-2023 21:15:08

Description :
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-46748
Source : f5sirt@f5.com
CVSS Score : 8.8

References :
https://my.f5.com/manage/s/article/K000137365 | source : f5sirt@f5.com

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-46238

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as JavaScript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim's account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.

CVE ID : CVE-2023-46238
Source : security-advisories@github.com
CVSS Score : 8.7

References :
https://github.com/zitadel/zitadel/releases/tag/v2.38.2 | source : security-advisories@github.com
https://github.com/zitadel/zitadel/releases/tag/v2.39.2 | source : security-advisories@github.com
https://github.com/zitadel/zitadel/security/advisories/GHSA-954h-jrpm-72pm | source : security-advisories@github.com

Vulnerability : CWE-79


Source : palantir.com

Vulnerability ID : CVE-2023-30969

First published on : 26-10-2023 00:15:10
Last modified on : 26-10-2023 11:44:17

Description :
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.

CVE ID : CVE-2023-30969
Source : cve-coordination@palantir.com
CVSS Score : 8.2

References :
https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7 | source : cve-coordination@palantir.com


Source : elastic.co

Vulnerability ID : CVE-2023-46667

First published on : 26-10-2023 01:15:07
Last modified on : 26-10-2023 11:44:17

Description :
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.

CVE ID : CVE-2023-46667
Source : bressers@elastic.co
CVSS Score : 8.1

References :
https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-31418

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

CVE ID : CVE-2023-31418
Source : bressers@elastic.co
CVSS Score : 7.5

References :
https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-400


Source : vuldb.com

Vulnerability ID : CVE-2023-5780

First published on : 26-10-2023 13:15:10
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5780
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/RCEraser/cve/blob/main/sql_inject_5.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243586 | source : cna@vuldb.com
https://vuldb.com/?id.243586 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5787

First published on : 26-10-2023 16:15:08
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.

CVE ID : CVE-2023-5787
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/Echosssy/-SQL-injection-exists-in-the-score-query-system/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243593 | source : cna@vuldb.com
https://vuldb.com/?id.243593 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5794

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.

CVE ID : CVE-2023-5794
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/JacksonStonee/Online-Railway-Catering-System-1.0-has-a-SQL-injection-vulnerability-in-index.php/tree/main | source : cna@vuldb.com
https://vuldb.com/?ctiid.243600 | source : cna@vuldb.com
https://vuldb.com/?id.243600 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5804

First published on : 26-10-2023 20:15:08
Last modified on : 26-10-2023 20:15:08

Description :
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.

CVE ID : CVE-2023-5804
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/JacksonStonee/Nipah-virus-NiV-Testing-Management-System-Using-PHP-and-MySQL-1.0-has-a-SQL-injection-vuln-login.php/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243617 | source : cna@vuldb.com
https://vuldb.com/?id.243617 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : tenable.com

Vulnerability ID : CVE-2023-5624

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection.

CVE ID : CVE-2023-5624
Source : vulnreport@tenable.com
CVSS Score : 7.2

References :
https://www.tenable.com/security/tns-2023-34 | source : vulnreport@tenable.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-5622

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

CVE ID : CVE-2023-5622
Source : vulnreport@tenable.com
CVSS Score : 7.1

References :
https://www.tenable.com/security/tns-2023-34 | source : vulnreport@tenable.com


Vulnerability ID : CVE-2023-5623

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.

CVE ID : CVE-2023-5623
Source : vulnreport@tenable.com
CVSS Score : 7.0

References :
https://www.tenable.com/security/tns-2023-34 | source : vulnreport@tenable.com


Source : patchstack.com

Vulnerability ID : CVE-2023-46072

First published on : 26-10-2023 12:15:08
Last modified on : 26-10-2023 12:58:59

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.

CVE ID : CVE-2023-46072
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46075

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:27

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.

CVE ID : CVE-2023-46075
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/contact-forms-builder/wordpress-contact-form-builder-contact-widget-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46076

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:27

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions.

CVE ID : CVE-2023-46076
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-plugin-1-2-100-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46077

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.

CVE ID : CVE-2023-46077
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46081

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

CVE ID : CVE-2023-46081
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/lava-directory-manager/wordpress-lava-directory-manager-plugin-1-1-34-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46094

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions.

CVE ID : CVE-2023-46094
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46090

First published on : 26-10-2023 14:15:08
Last modified on : 26-10-2023 15:32:23

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.

CVE ID : CVE-2023-46090
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/spider-facebook/wordpress-wdsocialwidgets-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(27) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : silabs.com

Vulnerability ID : CVE-2023-41095

First published on : 26-10-2023 14:15:08
Last modified on : 26-10-2023 15:32:23

Description :
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.

CVE ID : CVE-2023-41095
Source : product-security@silabs.com
CVSS Score : 6.8

References :
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 | source : product-security@silabs.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2023-41096

First published on : 26-10-2023 14:15:08
Last modified on : 26-10-2023 15:32:23

Description :
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

CVE ID : CVE-2023-41096
Source : product-security@silabs.com
CVSS Score : 6.8

References :
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 | source : product-security@silabs.com

Vulnerability : CWE-311


Source : patchstack.com

Vulnerability ID : CVE-2023-30492

First published on : 26-10-2023 12:15:08
Last modified on : 26-10-2023 12:58:59

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions.

CVE ID : CVE-2023-30492
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/minimum-purchase-for-woocommerce/wordpress-minimum-purchase-for-woocommerce-plugin-2-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32116

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:27

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

CVE ID : CVE-2023-32116
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/custom-post-types/wordpress-custom-post-types-plugin-4-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46088

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.

CVE ID : CVE-2023-46088
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46074

First published on : 26-10-2023 12:15:08
Last modified on : 26-10-2023 12:58:59

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions.

CVE ID : CVE-2023-46074
Source : audit@patchstack.com
CVSS Score : 5.8

References :
https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5802

First published on : 26-10-2023 12:15:08
Last modified on : 26-10-2023 12:58:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions.

CVE ID : CVE-2023-5802
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-knowledgebase/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : github.com

Vulnerability ID : CVE-2023-46234

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

CVE ID : CVE-2023-46234
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 | source : security-advisories@github.com
https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw | source : security-advisories@github.com

Vulnerability : CWE-347


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-41966

First published on : 26-10-2023 17:15:08
Last modified on : 26-10-2023 17:33:34

Description :
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter.

CVE ID : CVE-2023-41966
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | source : ics-cert@hq.dhs.gov
https://www.sielco.org/en/contacts | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-267


Vulnerability ID : CVE-2023-45228

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

CVE ID : CVE-2023-45228
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | source : ics-cert@hq.dhs.gov
https://www.sielco.org/en/contacts | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Source : elastic.co

Vulnerability ID : CVE-2023-31419

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 19:15:45

Description :
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CVE ID : CVE-2023-31419
Source : bressers@elastic.co
CVSS Score : 6.5

References :
https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-31421

First published on : 26-10-2023 04:15:16
Last modified on : 26-10-2023 11:44:17

Description :
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.

CVE ID : CVE-2023-31421
Source : bressers@elastic.co
CVSS Score : 5.9

References :
https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-46666

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 17:33:34

Description :
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

CVE ID : CVE-2023-46666
Source : bressers@elastic.co
CVSS Score : 5.3

References :
https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-31416

First published on : 26-10-2023 19:15:45
Last modified on : 26-10-2023 19:15:45

Description :
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

CVE ID : CVE-2023-31416
Source : bressers@elastic.co
CVSS Score : 5.3

References :
https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46668

First published on : 26-10-2023 00:15:12
Last modified on : 26-10-2023 11:44:17

Description :
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.

CVE ID : CVE-2023-46668
Source : bressers@elastic.co
CVSS Score : 4.6

References :
https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-31417

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.

CVE ID : CVE-2023-31417
Source : bressers@elastic.co
CVSS Score : 4.1

References :
https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Source : vuldb.com

Vulnerability ID : CVE-2023-5781

First published on : 26-10-2023 13:15:10
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5781
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/wangxinyudad/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243587 | source : cna@vuldb.com
https://vuldb.com/?id.243587 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5783

First published on : 26-10-2023 14:15:08
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5783
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/halleyakina/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243589 | source : cna@vuldb.com
https://vuldb.com/?id.243589 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5790

First published on : 26-10-2023 17:15:10
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.

CVE ID : CVE-2023-5790
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Yp1oneer/cve_hub/blob/main/File%20Manager%20App/Unrestricted%20File%20Upload.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243595 | source : cna@vuldb.com
https://vuldb.com/?id.243595 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5792

First published on : 26-10-2023 17:15:10
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5792
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243598 | source : cna@vuldb.com
https://vuldb.com/?id.243598 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5795

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.

CVE ID : CVE-2023-5795
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.243601 | source : cna@vuldb.com
https://vuldb.com/?id.243601 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5796

First published on : 26-10-2023 18:15:09
Last modified on : 26-10-2023 18:15:09

Description :
A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5796
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/file/d/1LIXuVmxby4QTY7v7dD-F0oRnwVVOwlmJ/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.243602 | source : cna@vuldb.com
https://vuldb.com/?id.243602 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5782

First published on : 26-10-2023 14:15:08
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5782
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Charmeeeeee/Tongda-OA-repo/blob/main/Tongda_OA_Vulnerability_Report.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243588 | source : cna@vuldb.com
https://vuldb.com/?id.243588 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5784

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5784
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/gb111d/ns-asg_poc/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.243590 | source : cna@vuldb.com
https://vuldb.com/?id.243590 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5785

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5785
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/ggg48966/cve/blob/main/NS-ASG-sql-addaddress_interpret.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243591 | source : cna@vuldb.com
https://vuldb.com/?id.243591 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5786

First published on : 26-10-2023 16:15:08
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.

CVE ID : CVE-2023-5786
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/Qxyday/GeoServe---unauthorized | source : cna@vuldb.com
https://vuldb.com/?ctiid.243592 | source : cna@vuldb.com
https://vuldb.com/?id.243592 | source : cna@vuldb.com

Vulnerability : CWE-425


Source : zephyrproject.org

Vulnerability ID : CVE-2023-5139

First published on : 26-10-2023 05:15:26
Last modified on : 26-10-2023 11:44:17

Description :
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver

CVE ID : CVE-2023-5139
Source : vulnerabilities@zephyrproject.org
CVSS Score : 4.4

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453 | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-5791

First published on : 26-10-2023 17:15:10
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.

CVE ID : CVE-2023-5791
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/Cross%20Site%20Scripting.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243597 | source : cna@vuldb.com
https://vuldb.com/?id.243597 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5793

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.

CVE ID : CVE-2023-5793
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/flusity/flusity-CMS/commit/81252bc764e1de2422e79e36194bba1289e7a0a5 | source : cna@vuldb.com
https://github.com/flusity/flusity-CMS/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243599 | source : cna@vuldb.com
https://vuldb.com/?id.243599 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5789

First published on : 26-10-2023 17:15:10
Last modified on : 26-10-2023 17:33:34

Description :
A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5789
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.243594 | source : cna@vuldb.com
https://vuldb.com/?id.243594 | source : cna@vuldb.com

Vulnerability : CWE-79


(17) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43905

First published on : 26-10-2023 00:15:12
Last modified on : 26-10-2023 11:44:17

Description :
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.

CVE ID : CVE-2023-43905
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43905..md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43906

First published on : 26-10-2023 00:15:12
Last modified on : 26-10-2023 11:44:17

Description :
Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.

CVE ID : CVE-2023-43906
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43906 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46345

First published on : 26-10-2023 00:15:12
Last modified on : 26-10-2023 11:44:17

Description :
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.

CVE ID : CVE-2023-46345
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/rycbar77/d747b2c37b544ece30b2353a65ab41f9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46752

First published on : 26-10-2023 05:15:26
Last modified on : 26-10-2023 11:44:17

Description :
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

CVE ID : CVE-2023-46752
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46753

First published on : 26-10-2023 05:15:26
Last modified on : 26-10-2023 11:44:17

Description :
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

CVE ID : CVE-2023-46753
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46754

First published on : 26-10-2023 05:15:26
Last modified on : 26-10-2023 11:44:17

Description :
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.

CVE ID : CVE-2023-46754
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/obl-ong/admin/releases/tag/v1.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2020-17477

First published on : 26-10-2023 13:15:09
Last modified on : 26-10-2023 15:32:27

Description :
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.

CVE ID : CVE-2020-17477
Source : cve@mitre.org
CVSS Score : /

References :
https://forge.univention.org/bugzilla/show_bug.cgi?id=50669 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45867

First published on : 26-10-2023 15:15:08
Last modified on : 26-10-2023 15:32:23

Description :
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.

CVE ID : CVE-2023-45867
Source : cve@mitre.org
CVSS Score : /

References :
https://rehmeinfosec.de | source : cve@mitre.org
https://rehmeinfosec.de/labor/cve-2023-45867 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45868

First published on : 26-10-2023 15:15:08
Last modified on : 26-10-2023 15:32:23

Description :
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.

CVE ID : CVE-2023-45868
Source : cve@mitre.org
CVSS Score : /

References :
https://rehmeinfosec.de | source : cve@mitre.org
https://rehmeinfosec.de/labor/cve-2023-45867 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46449

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.

CVE ID : CVE-2023-46449
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sajaljat/CVE-2023-46449/tree/main | source : cve@mitre.org
https://www.youtube.com/watch?v=H5QnsOKjs3s | source : cve@mitre.org


Vulnerability ID : CVE-2023-46450

First published on : 26-10-2023 15:15:09
Last modified on : 26-10-2023 15:32:23

Description :
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.

CVE ID : CVE-2023-46450
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yte121/-CVE-2023-46450/ | source : cve@mitre.org
https://youtu.be/LQy0_xIK2q0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43208

First published on : 26-10-2023 17:15:09
Last modified on : 26-10-2023 18:15:08

Description :
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.

CVE ID : CVE-2023-43208
Source : cve@mitre.org
CVSS Score : /

References :
https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46435

First published on : 26-10-2023 18:15:08
Last modified on : 26-10-2023 18:15:08

Description :
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.

CVE ID : CVE-2023-46435
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/kirra-max/bug_reports/blob/main/packers-and-movers-management-system-phpoop-free-source-code/SQL-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-33558

First published on : 26-10-2023 21:15:07
Last modified on : 26-10-2023 21:15:07

Description :
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.

CVE ID : CVE-2023-33558
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ninj4c0d3r/OcoMon-Research | source : cve@mitre.org
https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc | source : cve@mitre.org


Vulnerability ID : CVE-2023-33559

First published on : 26-10-2023 21:15:07
Last modified on : 26-10-2023 21:15:07

Description :
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.

CVE ID : CVE-2023-33559
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ninj4c0d3r/OcoMon-Research | source : cve@mitre.org
https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461dv | source : cve@mitre.org


Vulnerability ID : CVE-2023-39726

First published on : 26-10-2023 21:15:07
Last modified on : 26-10-2023 21:15:07

Description :
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CVE ID : CVE-2023-39726
Source : cve@mitre.org
CVSS Score : /

References :
https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50 | source : cve@mitre.org


Source : wpscan.com

Vulnerability ID : CVE-2023-5798

First published on : 26-10-2023 10:15:34
Last modified on : 26-10-2023 11:44:17

Description :
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks.

CVE ID : CVE-2023-5798
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/bbb4c98c-4dd7-421e-9666-98f15acde761 | source : contact@wpscan.com

Vulnerability : CWE-918


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
