CVE-2023-1548
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to
perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products:Â EcoStruxure Control Expert (V15.1 and above)
Source: CVE-2023-1548
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause
remote code execution when a valid user visits a malicious link provided through the web
endpoints. Affected Products:Â EcoStruxure Control Expert (V15.1 and above)
Source: CVE-2023-27976
CVE-2023-28142
A Race Condition exists in the Qualys Cloud Agent for Windows
platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to
escalate privileges limited on the local machine during uninstallation of the
Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on
that asset to run arbitrary commands.
At the time of this disclosure, versions before 4.0 are classified as End
of Life.
Source: CVE-2023-28142
CVE-2023-28143
Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)
installer allows a local escalation of privilege bounded only to the time of
installation and only on older macOSX (macOS 10.15 and older) versions.
Attackers may exploit incorrect file permissions to give them ROOT command
execution privileges on the host. During the install of the PKG, a step in the
process involves extracting the package and copying files to several
directories. Attackers may gain writable access to files during the install of
PKG when extraction of the package and copying files to several directories,
enabling a local escalation of privilege.
Source: CVE-2023-28143
CVE-2023-28140
An Executable Hijacking condition exists in the
Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers
may load a malicious copy of a Dependency Link Library (DLL) via a local
attack vector instead of the DLL that the application was expecting, when
processes are running with escalated privileges. This vulnerability
is bounded only to the time of uninstallation and can only be exploited
locally.
At the time of this disclosure, versions before 4.0 are classified as End of
Life.
Source: CVE-2023-28140
CVE-2023-2160
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
Source: CVE-2023-2160
CVE-2023-28141
An NTFS Junction condition exists in the Qualys Cloud Agent
for Windows platform in versions before 4.5.3.1. Attackers may write files to
arbitrary locations via a local attack vector. This allows attackers to assume
the privileges of the process, and they may delete or otherwise on unauthorized
files, allowing for the potential modification or deletion of sensitive files
limited only to that specific directory/file object. This vulnerability is
bounded only to the time of uninstallation and can only be exploited locally.
At the time of this disclosure, versions before 4.0 are
classified as End of Life.
Source: CVE-2023-28141
CVE-2023-29774
Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).
Source: CVE-2023-29774
CVE-2023-2155
A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276.
Source: CVE-2023-2155
CVE-2023-2154
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/?page=reminders/view_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226275.
Source: CVE-2023-2154