CVE-2023-45024
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
Source: CVE-2023-45024
CVE-2023-45024
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
Source: CVE-2023-45024
CVE-2023-41164
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Source: CVE-2023-41164
CVE-2023-41259
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Source: CVE-2023-41259
CVE-2023-41260
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
Source: CVE-2023-41260
CVE-2023-38965
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
Source: CVE-2023-38965
CVE-2023-41345
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
Source: CVE-2023-41345
CVE-2023-41350
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
Source: CVE-2023-41350
CVE-2023-41343
Rogic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
Source: CVE-2023-41343
CVE-2023-41348
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Source: CVE-2023-41348
CVE-2023-41347
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Source: CVE-2023-41347