CVE-2023-28020
URL redirection in the Login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via redirect URL response header.
Source: CVE-2023-28020
CVE-2023-33871
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.
Source: CVE-2023-33871
CVE-2023-34330
AMI SPx contains a vulnerability in the BMC where a User may cause an improper control of generation of code by Dynamic Redfish Extension. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
Source: CVE-2023-34330
CVE-2023-34329
AMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.
Source: CVE-2023-34329
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.
Source: CVE-2023-38257
CVE-2023-35189
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it.
Source: CVE-2023-35189
CVE-2023-35763
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
Source: CVE-2023-35763
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.
Source: CVE-2023-36669
CVE-2023-33312
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
Source: CVE-2023-33312