CVE-2022-43701
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
Source: CVE-2022-43701
[월:] 2023년 07월
CVE-2023-33745
CVE-2023-33745
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
Source: CVE-2023-33745
CVE-2023-33744
CVE-2023-33744
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.
Source: CVE-2023-33744
CVE-2023-33742
CVE-2023-33742
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.
Source: CVE-2023-33742
CVE-2023-33743
CVE-2023-33743
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available.
Source: CVE-2023-33743
CVE-2023-23764
CVE-2023-23764
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
Source: CVE-2023-23764
CVE-2023-36942
CVE-2023-36942
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.
Source: CVE-2023-36942
CVE-2020-22623
CVE-2020-22623
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
Source: CVE-2020-22623
CVE-2023-3980
CVE-2023-3980
Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
Source: CVE-2023-3980
CVE-2023-38504
CVE-2023-38504
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.
Source: CVE-2023-38504