CVE-2023-33558
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
Source: CVE-2023-33558
[글쓴이:] admin
CVE-2023-33559
CVE-2023-33559
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.
Source: CVE-2023-33559
CVE-2023-39726
CVE-2023-39726
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
Source: CVE-2023-39726
CVE-2023-46663
CVE-2023-46663
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Source: CVE-2023-46663
CVE-2023-44267
CVE-2023-44267
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.  The ‘lnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
Source: CVE-2023-44267
CVE-2023-0897
CVE-2023-0897
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Source: CVE-2023-0897
CVE-2023-39427
CVE-2023-39427
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Source: CVE-2023-39427
CVE-2023-46661
CVE-2023-46661
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Source: CVE-2023-46661
CVE-2023-5754
CVE-2023-5754
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Source: CVE-2023-5754
CVE-2023-39936
CVE-2023-39936
In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Source: CVE-2023-39936