CVE-2023-29835
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
Source: CVE-2023-29835
[월:] 2023년 04월
CVE-2023-29836
CVE-2023-29836
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.
Source: CVE-2023-29836
CVE-2023-29596
CVE-2023-29596
Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.
Source: CVE-2023-29596
CVE-2023-28008
CVE-2023-28008
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Source: CVE-2023-28008
CVE-2023-28009
CVE-2023-28009
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Source: CVE-2023-28009
CVE-2023-30280
CVE-2023-30280
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.
Source: CVE-2023-30280
CVE-2023-26567
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Source: CVE-2023-26567
CVE-2022-45456
CVE-2022-45456
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
Source: CVE-2022-45456
CVE-2023-27559
CVE-2023-27559
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.
Source: CVE-2023-27559
CVE-2020-36070
CVE-2020-36070
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.
Source: CVE-2020-36070