CVE-2023-37267

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

Source: CVE-2023-37267

CVE-2023-31822

An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.

Source: CVE-2023-31822

CVE-2023-31825

An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.

Source: CVE-2023-31825

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message.

Source: CVE-2023-25948

CVE-2023-26597

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.

Source: CVE-2023-26597

CVE-2023-2003

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device’s data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

Source: CVE-2023-2003

CVE-2023-3661

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.

Source: CVE-2023-3661

CVE-2023-3660

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.

Source: CVE-2023-3660

CVE-2023-25078

Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.

Source: CVE-2023-25078

CVE-2023-3658

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.

Source: CVE-2023-3658