CVE-2023-29721
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
Source: CVE-2023-29721
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Source: CVE-2023-31458
CVE-2022-30025
SQL injection in the "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds – 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter.
Source: CVE-2022-30025
CVE-2022-41221
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.
Source: CVE-2022-41221
CVE-2023-33799
A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Source: CVE-2023-33799
CVE-2023-33800
A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Source: CVE-2023-33800
CVE-2023-33789
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Source: CVE-2023-33789
CVE-2023-33794
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Source: CVE-2023-33794
CVE-2023-31595
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
Source: CVE-2023-31595
CVE-2023-33798
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Source: CVE-2023-33798