CVE-2023-46435

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.

Source: CVE-2023-46435

CVE-2023-5792

A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.

Source: CVE-2023-5792

CVE-2023-5791

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.

Source: CVE-2023-5791

CVE-2023-5790

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.

Source: CVE-2023-5790

CVE-2023-5789

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.

Source: CVE-2023-5789

CVE-2023-5623

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location

Source: CVE-2023-5623

CVE-2023-43208

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. This is a bypass of the patch put in for CVE-2023-37679.

Source: CVE-2023-43208

CVE-2023-46666

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

Source: CVE-2023-46666

CVE-2023-5622

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITYSYSTEM on Windows hosts by replacing a specially crafted file.

Source: CVE-2023-5622

CVE-2023-45317

The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with
administrative privileges if a logged-in user visits a malicious web
site.

Source: CVE-2023-45317