Latest vulnerabilities [Tuesday, December 26, 2023]

Last update performed on 12/26/2023 at 11:57:05 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(1) HIGH VULNERABILITIES [7.0, 8.9]

Source : 8a9629cb-c5e7-4d2a-a894-111e8039b7ea

Vulnerability ID : CVE-2023-5180

First published on : 26-12-2023 09:15:07
Last modified on : 26-12-2023 20:34:16

Description :
An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE ID : CVE-2023-5180
Source : 8a9629cb-c5e7-4d2a-a894-111e8039b7ea
CVSS Score : 7.8

References :
https://www.opendesign.com/security-advisories | source : 8a9629cb-c5e7-4d2a-a894-111e8039b7ea

Vulnerability : CWE-787


(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-7111

First published on : 26-12-2023 03:15:09
Last modified on : 26-12-2023 20:34:16

Description :
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7111
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249006 | source : cna@vuldb.com
https://vuldb.com/?id.249006 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2012-10017

First published on : 26-12-2023 10:15:07
Last modified on : 26-12-2023 20:34:16

Description :
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.

CVE ID : CVE-2012-10017
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d | source : cna@vuldb.com
https://vuldb.com/?ctiid.248955 | source : cna@vuldb.com
https://vuldb.com/?id.248955 | source : cna@vuldb.com

Vulnerability : CWE-352


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2014-125109

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956.

CVE ID : CVE-2014-125109
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248956 | source : cna@vuldb.com
https://vuldb.com/?id.248956 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2015-10127

First published on : 26-12-2023 17:15:07
Last modified on : 26-12-2023 20:34:16

Description :
A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.

CVE ID : CVE-2015-10127
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd | source : cna@vuldb.com
https://vuldb.com/?ctiid.248954 | source : cna@vuldb.com
https://vuldb.com/?id.248954 | source : cna@vuldb.com

Vulnerability : CWE-79


(62) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-27150

First published on : 26-12-2023 04:15:07
Last modified on : 26-12-2023 20:34:16

Description :
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.

CVE ID : CVE-2023-27150
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss/ | source : cve@mitre.org
https://www.opencrx.org/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28616

First published on : 26-12-2023 04:15:07
Last modified on : 26-12-2023 20:34:16

Description :
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

CVE ID : CVE-2023-28616
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu/2023-006 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49949

First published on : 26-12-2023 14:15:07
Last modified on : 26-12-2023 20:34:16

Description :
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.

CVE ID : CVE-2023-49949
Source : cve@mitre.org
CVSS Score : /

References :
https://acribia.ru/articles/2fa_bypass_passwork | source : cve@mitre.org
https://passwork.ru/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51103

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function fz_new_pixmap_from_float_data() of pixmap.c.

CVE ID : CVE-2023-51103
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51104

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c line 527.

CVE ID : CVE-2023-51104
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51105

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.

CVE ID : CVE-2023-51105
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51106

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c.

CVE ID : CVE-2023-51106
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51107

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function compute_color() of jquant2.c.

CVE ID : CVE-2023-51107
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51095

First published on : 26-12-2023 17:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.

CVE ID : CVE-2023-51095
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/delWlPolicyData/M3_delWlPolicyData.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43851

First published on : 26-12-2023 18:15:07
Last modified on : 26-12-2023 18:15:07

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-43851
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-45251

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 18:15:08

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-45251
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-51090

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.

CVE ID : CVE-2023-51090
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/getWeiXinConfig/M3_getWeiXinConfig.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51091

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.

CVE ID : CVE-2023-51091
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/cookie/M3_cookie.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51092

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.

CVE ID : CVE-2023-51092
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/upgrade/M3_upgrade.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51093

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.

CVE ID : CVE-2023-51093
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/setVlanInfo/M3_setVlanInfo.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51094

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.

CVE ID : CVE-2023-51094
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/M3/telnet/M3_telnet.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51097

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.

CVE ID : CVE-2023-51097
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_setAutoPing/W9_setAutoPing.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51098

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo.

CVE ID : CVE-2023-51098
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_setDiagnoseInfo/W9_setDiagnoseInfo.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51099

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand.

CVE ID : CVE-2023-51099
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_execommand/W9_execommand.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51100

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo.

CVE ID : CVE-2023-51100
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_getDiagnoseInfo/W9_getDiagnoseInfo.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51101

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.

CVE ID : CVE-2023-51101
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_setUplinkInfo/W9_setUplinkInfo.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51102

First published on : 26-12-2023 18:15:08
Last modified on : 26-12-2023 20:34:16

Description :
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.

CVE ID : CVE-2023-51102
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GD008/TENDA/blob/main/W9/W9_WifiMacFilterSet/W9_WifiMacFilterSet.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52086

First published on : 26-12-2023 18:15:09
Last modified on : 26-12-2023 20:34:16

Description :
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)

CVE ID : CVE-2023-52086
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac45653b | source : cve@mitre.org
https://github.com/dilab/resumable.php/issues/34 | source : cve@mitre.org
https://github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b4738a5a4dd0832a926 | source : cve@mitre.org
https://github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d417933787232a64304b | source : cve@mitre.org
https://github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477eee642836cab3b4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48003

First published on : 26-12-2023 22:15:13
Last modified on : 26-12-2023 22:15:13

Description :
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.

CVE ID : CVE-2023-48003
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 | source : cve@mitre.org
https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49438

First published on : 26-12-2023 22:15:13
Last modified on : 26-12-2023 22:15:13

Description :
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.

CVE ID : CVE-2023-49438
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Flask-Middleware/flask-security | source : cve@mitre.org
https://github.com/brandon-t-elliott/CVE-2023-49438 | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-49117

First published on : 26-12-2023 06:15:07
Last modified on : 26-12-2023 20:34:16

Description :
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.

CVE ID : CVE-2023-49117
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN32646742/ | source : vultures@jpcert.or.jp
https://www.powercms.jp/news/release-powercms-202312.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-50297

First published on : 26-12-2023 06:15:07
Last modified on : 26-12-2023 20:34:16

Description :
Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.

CVE ID : CVE-2023-50297
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN32646742/ | source : vultures@jpcert.or.jp
https://www.powercms.jp/news/release-powercms-202312.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-51654

First published on : 26-12-2023 06:15:07
Last modified on : 26-12-2023 20:34:16

Description :
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.

CVE ID : CVE-2023-51654
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU97943829/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-42436

First published on : 26-12-2023 08:15:09
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-42436
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-45737

First published on : 26-12-2023 08:15:09
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-45737
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-45740

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-45740
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-45741

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.

CVE ID : CVE-2023-45741
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN23771490/ | source : vultures@jpcert.or.jp
https://www.buffalo.jp/news/detail/20231225-01.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-46681

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access the product's command line interface to execute an arbitrary command.

CVE ID : CVE-2023-46681
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN23771490/ | source : vultures@jpcert.or.jp
https://www.buffalo.jp/news/detail/20231225-01.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-46699

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

CVE ID : CVE-2023-46699
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-46711

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.

CVE ID : CVE-2023-46711
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN23771490/ | source : vultures@jpcert.or.jp
https://www.buffalo.jp/news/detail/20231225-01.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47215

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-47215
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49119

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-49119
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49598

First published on : 26-12-2023 08:15:10
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-49598
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49779

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-49779
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49807

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-49807
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-50175

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-50175
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-50294

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

CVE ID : CVE-2023-50294
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-50332

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.

CVE ID : CVE-2023-50332
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-50339

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CVE ID : CVE-2023-50339
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN18715935/ | source : vultures@jpcert.or.jp
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-51363

First published on : 26-12-2023 08:15:11
Last modified on : 26-12-2023 20:34:16

Description :
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.

CVE ID : CVE-2023-51363
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN23771490/ | source : vultures@jpcert.or.jp
https://www.buffalo.jp/news/detail/20231225-01.html | source : vultures@jpcert.or.jp


Source : apache.org

Vulnerability ID : CVE-2023-50968

First published on : 26-12-2023 12:15:07
Last modified on : 26-12-2023 20:34:16

Description :
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorization. The same URI can also be operated to carry out an SSRF attack without authorization. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

CVE ID : CVE-2023-50968
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/26/2 | source : security@apache.org
https://issues.apache.org/jira/browse/OFBIZ-12875 | source : security@apache.org
https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q | source : security@apache.org
https://ofbiz.apache.org/download.html | source : security@apache.org
https://ofbiz.apache.org/release-notes-18.12.11.html | source : security@apache.org
https://ofbiz.apache.org/security.html | source : security@apache.org

Vulnerability : CWE-200
Vulnerability : CWE-918


Vulnerability ID : CVE-2023-51467

First published on : 26-12-2023 15:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF).

CVE ID : CVE-2023-51467
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/26/3 | source : security@apache.org
https://issues.apache.org/jira/browse/OFBIZ-12873 | source : security@apache.org
https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv | source : security@apache.org
https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o | source : security@apache.org
https://ofbiz.apache.org/download.html | source : security@apache.org
https://ofbiz.apache.org/release-notes-18.12.11.html | source : security@apache.org
https://ofbiz.apache.org/security.html | source : security@apache.org


Source : wpscan.com

Vulnerability ID : CVE-2023-5203

First published on : 26-12-2023 19:15:07
Last modified on : 26-12-2023 20:34:16

Description :
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.

CVE ID : CVE-2023-5203
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5644

First published on : 26-12-2023 19:15:07
Last modified on : 26-12-2023 20:34:16

Description :
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.

CVE ID : CVE-2023-5644
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5645

First published on : 26-12-2023 19:15:07
Last modified on : 26-12-2023 20:34:16

Description :
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.

CVE ID : CVE-2023-5645
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e392fb53-66e9-4c43-9e4f-f4ea7c561551 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5672

First published on : 26-12-2023 19:15:07
Last modified on : 26-12-2023 20:34:16

Description :
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.

CVE ID : CVE-2023-5672
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5673

First published on : 26-12-2023 19:15:07
Last modified on : 26-12-2023 20:34:16

Description :
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

CVE ID : CVE-2023-5673
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5674

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.

CVE ID : CVE-2023-5674
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5931

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server.

CVE ID : CVE-2023-5931
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5939

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.

CVE ID : CVE-2023-5939
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5980

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-5980
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/b621261b-ae18-4853-9ace-7b773810529a | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5991

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input and lacks proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server.

CVE ID : CVE-2023-5991
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6114

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The Duplicator WordPress plugin before 1.5.7.1 and the Duplicator Pro WordPress plugin before 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

CVE ID : CVE-2023-6114
Source : contact@wpscan.com
CVSS Score : /

References :
https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing | source : contact@wpscan.com
https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6155

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

CVE ID : CVE-2023-6155
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6166

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

CVE ID : CVE-2023-6166
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6250

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password-protected posts to unauthenticated users via a meta tag.

CVE ID : CVE-2023-6250
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/6cad602b-7414-4867-8ae2-f0b846c4c8f0 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6268

First published on : 26-12-2023 19:15:08
Last modified on : 26-12-2023 20:34:16

Description :
The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-6268
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/15b9ab48-c038-4f2e-b823-1e374baae985 | source : contact@wpscan.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
