CVE-2023-46587
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
Source: CVE-2023-46587
CVE-2023-46587
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
Source: CVE-2023-46587
CVE-2023-5834
HashiCorp Vagrant’s Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
Source: CVE-2023-5834
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
Source: CVE-2023-46490
CVE-2023-5830
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.
Source: CVE-2023-5830
CVE-2023-44480
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
Source: CVE-2023-44480
CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
Source: CVE-2023-46509
CVE-2023-46211
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions.
Source: CVE-2023-46211
CVE-2023-46208
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
Source: CVE-2023-46208
CVE-2023-46209
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.
Source: CVE-2023-46209
CVE-2023-46200
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions.
Source: CVE-2023-46200