Latest vulnerabilities of Thursday, September 28, 2023


Last update performed on 09/28/2023 at 11:58:02 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-43013

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.

CVE ID : CVE-2023-43013
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/nergal | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5004

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Hospital management system version 378c157 allows an attacker to bypass authentication. This is possible because the application is vulnerable to SQLI.

CVE ID : CVE-2023-5004
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/alcocer | source : help@fluidattacks.com
https://github.com/projectworldsofficial/hospital-management-system-in-php/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-43740

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

CVE ID : CVE-2023-43740
Source : help@fluidattacks.com
CVSS Score : 9.1

References :
https://fluidattacks.com/advisories/shagrath | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5185

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

CVE ID : CVE-2023-5185
Source : help@fluidattacks.com
CVSS Score : 9.1

References :
https://fluidattacks.com/advisories/orion | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-434


(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : mitre.org

Vulnerability ID : CVE-2023-41450

First published on : 28-09-2023 03:15:11
Last modified on : 28-09-2023 17:55:39

Description :
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

CVE ID : CVE-2023-41450
Source : cve@mitre.org
CVSS Score : 8.8

References :
http://ajaxnewsticker.com | source : cve@mitre.org
http://phpkobo.com | source : cve@mitre.org
https://gist.github.com/RNPG/e11af10e1bd3606de8b568033d932589 | source : cve@mitre.org

Vulnerability : CWE-94

Vulnerable product(s) : cpe:2.3:a:phpkobo:ajaxnewsticker:1.0.5:*:*:*:*:*:*:*


Source : fluidattacks.com

Vulnerability ID : CVE-2023-5053

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Hospital management system version 378c157 allows an attacker to bypass authentication. This is possible because the application is vulnerable to SQLI.

CVE ID : CVE-2023-5053
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/shierro | source : help@fluidattacks.com
https://github.com/projectworldsofficial/hospital-management-system-in-php/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4316

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails.

CVE ID : CVE-2023-4316
Source : help@fluidattacks.com
CVSS Score : 7.5

References :
https://fluidattacks.com/advisories/swift | source : help@fluidattacks.com
https://www.npmjs.com/package/zod | source : help@fluidattacks.com

Vulnerability : CWE-20


Source : incibe.es

Vulnerability ID : CVE-2022-47186

First published on : 28-09-2023 14:15:16
Last modified on : 28-09-2023 14:29:58

Description :
There is an unrestricted file upload vulnerability in Generex CS141 versions below 2.06. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.

CVE ID : CVE-2022-47186
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.generex.de/support/changelogs/cs141/page:2 | source : cve-coordination@incibe.es
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 | source : cve-coordination@incibe.es

Vulnerability : CWE-434


Source : snyk.io

Vulnerability ID : CVE-2023-26145

First published on : 28-09-2023 05:15:45
Last modified on : 28-09-2023 12:44:04

Description :
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects.
**Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied:
1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible).
2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method).
The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.

CVE ID : CVE-2023-26145
Source : report@snyk.io
CVSS Score : 7.4

References :
https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca | source : report@snyk.io
https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518 | source : report@snyk.io


Source : us.ibm.com

Vulnerability ID : CVE-2023-40375

First published on : 28-09-2023 18:15:11
Last modified on : 28-09-2023 18:19:27

Description :
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.

CVE ID : CVE-2023-40375
Source : psirt@us.ibm.com
CVSS Score : 7.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7038748 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Source : github.com

Vulnerability ID : CVE-2023-43657

First published on : 28-09-2023 19:15:10
Last modified on : 28-09-2023 20:29:46

Description :
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.

CVE ID : CVE-2023-43657
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | source : security-advisories@github.com
https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e | source : security-advisories@github.com
https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v | source : security-advisories@github.com

Vulnerability : CWE-79


(16) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5230

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5230
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/tm-woocommerce-compare-wishlist/tags/1.1.7/includes/wishlist/wishlist.php#L339 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/771ecb8c-feb1-40ea-b47b-a2ae033b3c87?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5232

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5232
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/font-awesome-more-icons/tags/3.5/plugin.php#L82 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5233

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5233
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/font-awesome-integration/tags/5.0/font-awesome-integration.php#L48 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2791f48-895f-4099-87ec-41aaac2494a2?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : sap.com

Vulnerability ID : CVE-2023-40307

First published on : 28-09-2023 14:15:18
Last modified on : 28-09-2023 14:29:58

Description :
An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

CVE ID : CVE-2023-40307
Source : cna@sap.com
CVSS Score : 6.3

References :
https://github.com/SAP/macOS-enterprise-privileges/security/advisories/GHSA-rgq4-wxpj-5jv9 | source : cna@sap.com

Vulnerability : CWE-787


Source : github.com

Vulnerability ID : CVE-2023-43663

First published on : 28-09-2023 19:15:10
Last modified on : 28-09-2023 20:29:46

Description :
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even with low user rights. This allows low-privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

CVE ID : CVE-2023-43663
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7 | source : security-advisories@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-43664

First published on : 28-09-2023 19:15:10
Last modified on : 28-09-2023 20:29:46

Description :
PrestaShop is an Open Source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

CVE ID : CVE-2023-43664
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j | source : security-advisories@github.com

Vulnerability : CWE-269


Source : mitre.org

Vulnerability ID : CVE-2023-41446

First published on : 28-09-2023 03:15:11
Last modified on : 28-09-2023 21:49:06

Description :
Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.

CVE ID : CVE-2023-41446
Source : cve@mitre.org
CVSS Score : 6.1

References :
http://ajaxnewsticker.com | source : cve@mitre.org
http://phpkobo.com | source : cve@mitre.org
https://gist.github.com/RNPG/4bb91170f8ee50b395427f26bc96a1f2 | source : cve@mitre.org

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:phpkobo:ajaxnewsticker:1.0.5:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41447

First published on : 28-09-2023 03:15:11
Last modified on : 28-09-2023 19:12:39

Description :
Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.

CVE ID : CVE-2023-41447
Source : cve@mitre.org
CVSS Score : 6.1

References :
http://ajaxnewsticker.com | source : cve@mitre.org
http://phpkobo.com | source : cve@mitre.org
https://gist.github.com/RNPG/56b9fe4dcc3a248d4288bde5ffb3a5b3 | source : cve@mitre.org

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:phpkobo:ajaxnewsticker:1.0.5:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41911

First published on : 28-09-2023 21:15:09
Last modified on : 28-09-2023 21:15:09

Description :
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).

CVE ID : CVE-2023-41911
Source : cve@mitre.org
CVSS Score : 4.7

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Source : snyk.io

Vulnerability ID : CVE-2023-26149

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @.

CVE ID : CVE-2023-26149
Source : report@snyk.io
CVSS Score : 6.1

References :
https://codepen.io/ALiangLiang/pen/mdQMJXK | source : report@snyk.io
https://github.com/quill-mention/quill-mention/blob/0aa9847719257496b14ac5401872c4e2ffcbc3d1/src/quill.mention.js%23L391 | source : report@snyk.io
https://github.com/quill-mention/quill-mention/commit/e85262ddced0a7f0b6fc8350d236a68bd1e28385 | source : report@snyk.io
https://github.com/quill-mention/quill-mention/issues/255 | source : report@snyk.io
https://github.com/quill-mention/quill-mention/pull/341 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-QUILLMENTION-5921549 | source : report@snyk.io


Source : fluidattacks.com

Vulnerability ID : CVE-2023-44173

First published on : 28-09-2023 21:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.

CVE ID : CVE-2023-44173
Source : help@fluidattacks.com
CVSS Score : 5.4

References :
https://fluidattacks.com/advisories/harrison | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : incibe.es

Vulnerability ID : CVE-2022-47187

First published on : 28-09-2023 14:15:17
Last modified on : 28-09-2023 14:29:58

Description :
There is a file upload XSS vulnerability in Generex CS141 versions below 2.06. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, an XSS payload can be injected into the uploaded file.

CVE ID : CVE-2022-47187
Source : cve-coordination@incibe.es
CVSS Score : 5.3

References :
https://www.generex.de/support/changelogs/cs141/2-12 | source : cve-coordination@incibe.es
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-5215

First published on : 28-09-2023 14:15:26
Last modified on : 28-09-2023 14:29:58

Description :
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.

CVE ID : CVE-2023-5215
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-5215 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2241041 | source : secalert@redhat.com
https://listman.redhat.com/archives/libguestfs/2023-September/032635.html | source : secalert@redhat.com


Vulnerability ID : CVE-2023-42756

First published on : 28-09-2023 14:15:21
Last modified on : 28-09-2023 14:29:58

Description :
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

CVE ID : CVE-2023-42756
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2023-42756 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239848 | source : secalert@redhat.com
https://seclists.org/oss-sec/2023/q3/242 | source : secalert@redhat.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-43044

First published on : 28-09-2023 18:15:11
Last modified on : 28-09-2023 18:19:27

Description :
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.

CVE ID : CVE-2023-43044
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7040605 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Source : huntr.dev

Vulnerability ID : CVE-2023-5244

First published on : 28-09-2023 01:15:09
Last modified on : 28-09-2023 12:44:04

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CVE ID : CVE-2023-5244
Source : security@huntr.dev
CVSS Score : 5.0

References :
https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968 | source : security@huntr.dev
https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470 | source : security@huntr.dev

Vulnerability : CWE-79


(0) LOW VULNERABILITIES [0.1, 3.9]

(37) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-41444

First published on : 28-09-2023 03:15:11
Last modified on : 28-09-2023 12:44:04

Description :
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.

CVE ID : CVE-2023-41444
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 | source : cve@mitre.org
https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0 | source : cve@mitre.org
https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml | source : cve@mitre.org


Vulnerability ID : CVE-2023-42222

First published on : 28-09-2023 03:15:11
Last modified on : 28-09-2023 12:44:04

Description :
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

CVE ID : CVE-2023-42222
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/itssixtyn3in/CVE-2023-42222 | source : cve@mitre.org
https://webcatalog.io/changelog/ | source : cve@mitre.org
https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content | source : cve@mitre.org


Vulnerability ID : CVE-2023-38870

First published on : 28-09-2023 04:15:11
Last modified on : 28-09-2023 12:44:04

Description :
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.

CVE ID : CVE-2023-38870
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38870 | source : cve@mitre.org
https://github.com/gugoan/economizzer | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-38871

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

CVE ID : CVE-2023-38871
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871 | source : cve@mitre.org
https://github.com/gugoan/economizzer | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-38872

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

CVE ID : CVE-2023-38872
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38872 | source : cve@mitre.org
https://github.com/gugoan/economizzer | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-38873

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

CVE ID : CVE-2023-38873
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38873 | source : cve@mitre.org
https://github.com/gugoan/economizzer | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-38874

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.

CVE ID : CVE-2023-38874
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38874 | source : cve@mitre.org
https://github.com/gugoan/economizzer | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-38877

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.

CVE ID : CVE-2023-38877
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877 | source : cve@mitre.org
https://github.com/gugoan/economizzer/ | source : cve@mitre.org
https://www.economizzer.org | source : cve@mitre.org


Vulnerability ID : CVE-2023-44273

First published on : 28-09-2023 04:15:12
Last modified on : 28-09-2023 12:44:04

Description :
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

CVE ID : CVE-2023-44273
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Consensys/gnark-crypto/pull/449 | source : cve@mitre.org
https://github.com/Consensys/gnark-crypto/releases | source : cve@mitre.org
https://verichains.io | source : cve@mitre.org


Vulnerability ID : CVE-2023-44275

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.

CVE ID : CVE-2023-44275
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/opnsense/core/commit/484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 | source : cve@mitre.org
https://github.com/opnsense/core/compare/23.7.4...23.7.5 | source : cve@mitre.org
https://www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense | source : cve@mitre.org


Vulnerability ID : CVE-2023-44276

First published on : 28-09-2023 05:15:46
Last modified on : 28-09-2023 12:44:04

Description :
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.

CVE ID : CVE-2023-44276
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/opnsense/core/commit/484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 | source : cve@mitre.org
https://github.com/opnsense/core/compare/23.7.4...23.7.5 | source : cve@mitre.org
https://www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense | source : cve@mitre.org


Vulnerability ID : CVE-2023-43869

First published on : 28-09-2023 13:15:09
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.

CVE ID : CVE-2023-43869
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43860

First published on : 28-09-2023 14:15:21
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function.

CVE ID : CVE-2023-43860
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43861

First published on : 28-09-2023 14:15:21
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function.

CVE ID : CVE-2023-43861
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43862

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function.

CVE ID : CVE-2023-43862
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43863

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function.

CVE ID : CVE-2023-43863
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43864

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function.

CVE ID : CVE-2023-43864
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43865

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function.

CVE ID : CVE-2023-43865
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43866

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function.

CVE ID : CVE-2023-43866
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43867

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function.

CVE ID : CVE-2023-43867
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43868

First published on : 28-09-2023 14:15:22
Last modified on : 28-09-2023 14:29:58

Description :
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function.

CVE ID : CVE-2023-43868
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43871

First published on : 28-09-2023 14:15:23
Last modified on : 28-09-2023 14:29:58

Description :
A file upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a PDF file with hidden Cross Site Scripting (XSS).

CVE ID : CVE-2023-43871
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43872

First published on : 28-09-2023 14:15:24
Last modified on : 28-09-2023 14:29:58

Description :
A file upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a PDF file with hidden Cross Site Scripting (XSS).

CVE ID : CVE-2023-43872
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CMSmadesimple-File-Upload--XSS---File-Manager | source : cve@mitre.org


Vulnerability ID : CVE-2023-43873

First published on : 28-09-2023 14:15:25
Last modified on : 28-09-2023 14:29:58

Description :
A Cross Site Scripting (XSS) vulnerability in e107 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu.

CVE ID : CVE-2023-43873
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/e107-CMS-Stored-XSS---Manage/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43874

First published on : 28-09-2023 14:15:25
Last modified on : 28-09-2023 14:29:58

Description :
Multiple Cross Site Scripting (XSS) vulnerabilities in e107 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.

CVE ID : CVE-2023-43874
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/e107-CMS-Stored-XSS---MetaCustomTags/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43876

First published on : 28-09-2023 15:15:12
Last modified on : 28-09-2023 18:19:27

Description :
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

CVE ID : CVE-2023-43876
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/October-CMS-Reflected-XSS---Installation/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43878

First published on : 28-09-2023 15:15:12
Last modified on : 28-09-2023 18:19:27

Description :
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.

CVE ID : CVE-2023-43878
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/RiteCMS-Stored-XSS---MainMenu/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43879

First published on : 28-09-2023 15:15:12
Last modified on : 28-09-2023 18:19:27

Description :
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.

CVE ID : CVE-2023-43879
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/RiteCMS-Stored-XSS---GlobalContent/tree/main | source : cve@mitre.org


Vulnerability ID : CVE-2023-43884

First published on : 28-09-2023 15:15:12
Last modified on : 28-09-2023 18:19:27

Description :
A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

CVE ID : CVE-2023-43884
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-30415

First published on : 28-09-2023 16:15:10
Last modified on : 28-09-2023 18:19:27

Description :
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.

CVE ID : CVE-2023-30415
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html | source : cve@mitre.org
https://robsware.github.io/2023/09/01/firstcve | source : cve@mitre.org


Vulnerability ID : CVE-2023-43226

First published on : 28-09-2023 20:15:10
Last modified on : 28-09-2023 20:29:46

Description :
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE ID : CVE-2023-43226
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zzq66/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43323

First published on : 28-09-2023 20:15:11
Last modified on : 28-09-2023 20:29:46

Description :
mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].

CVE ID : CVE-2023-43323
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ahrixia/CVE-2023-43323 | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-5186

First published on : 28-09-2023 16:15:10
Last modified on : 28-09-2023 18:19:27

Description :
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

CVE ID : CVE-2023-5186
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | source : chrome-cve-admin@google.com
https://crbug.com/1478889 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-5187

First published on : 28-09-2023 16:15:10
Last modified on : 28-09-2023 18:19:27

Description :
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-5187
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | source : chrome-cve-admin@google.com
https://crbug.com/1475798 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-5217

First published on : 28-09-2023 16:15:10
Last modified on : 28-09-2023 21:15:10

Description :
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-5217
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/28/5 | source : chrome-cve-admin@google.com
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | source : chrome-cve-admin@google.com
https://crbug.com/1486441 | source : chrome-cve-admin@google.com


Source : redhat.com

Vulnerability ID : CVE-2023-39195

First published on : 28-09-2023 17:15:11
Last modified on : 28-09-2023 17:15:11

Description :
** REJECT ** CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://access.redhat.com/security/cve/CVE-2023-42755 for more information.

CVE ID : CVE-2023-39195
Source : secalert@redhat.com
CVSS Score : /

References :


Source : drupal.org

Vulnerability ID : CVE-2023-5256

First published on : 28-09-2023 19:15:10
Last modified on : 28-09-2023 20:29:46

Description :
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

CVE ID : CVE-2023-5256
Source : mlhess@drupal.org
CVSS Score : /

References :
https://www.drupal.org/sa-core-2023-006 | source : mlhess@drupal.org

Vulnerability : CWE-200


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
