» 2023 » 4월

CVE-2023-26935

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-26935

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.

Source: CVE-2023-26935

CVE-2023-26936

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-26936

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc

Source: CVE-2023-26936

CVE-2023-29268

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-29268

The Splus Server component of TIBCO Software Inc.’s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

Source: CVE-2023-29268

CVE-2023-30212

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-30212

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.

Source: CVE-2023-30212

CVE-2023-2307

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-2307

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

Source: CVE-2023-2307

CVE-2023-30211

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-30211

OURPHP <= 7.2.0 is vulnerable to SQL Injection.

Source: CVE-2023-30211

CVE-2023-30210

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-30210

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.

Source: CVE-2023-30210

CVE-2022-27979

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2022-27979

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.

Source: CVE-2022-27979

CVE-2022-27978

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.

Source: CVE-2022-27978

CVE-2023-22729

Posted on 2023년 4월 27일2023년 4월 27일 by admin

CVE-2023-22729

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

Source: CVE-2023-22729