» 2023 » 8월

CVE-2023-31940

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-31940

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.

Source: CVE-2023-31940

CVE-2023-31942

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-31942

Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.

Source: CVE-2023-31942

CVE-2023-31938

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-31938

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.

Source: CVE-2023-31938

CVE-2023-31939

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-31939

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.

Source: CVE-2023-31939

CVE-2023-31943

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-31943

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.

Source: CVE-2023-31943

CVE-2023-39743

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-39743

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.

Source: CVE-2023-39743

CVE-2023-40313

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-40313

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet.

Source: CVE-2023-40313

CVE-2023-38905

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.

Source: CVE-2023-38905

CVE-2023-38843

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-38843

An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function.

Source: CVE-2023-38843

CVE-2023-26469

Posted on 2023년 8월 18일2023년 8월 18일 by admin

CVE-2023-26469

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

Source: CVE-2023-26469