CVE-2023-46510
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.
Source: CVE-2023-46510
[글쓴이:] admin
CVE-2023-40138
CVE-2023-40138
In FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: CVE-2023-40138
CVE-2023-40140
CVE-2023-40140
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: CVE-2023-40140
CVE-2023-40139
CVE-2023-40139
In FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: CVE-2023-40139
CVE-2023-46200
CVE-2023-46200
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions.
Source: CVE-2023-46200
CVE-2023-46209
CVE-2023-46209
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.
Source: CVE-2023-46209
CVE-2023-46208
CVE-2023-46208
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
Source: CVE-2023-46208
CVE-2023-46211
CVE-2023-46211
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions.
Source: CVE-2023-46211
CVE-2023-46509
CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
Source: CVE-2023-46509
CVE-2023-44480
CVE-2023-44480
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
Source: CVE-2023-44480