Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-46535: Digging/TP-LINK/TL-WR886N/6/1.md at main · XYIYM/Digging

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

CVE
Open in Source
#vulnerability#git
CVE-2023-46537: Digging/TP-LINK/TL-WR886N/7/1.md at main · XYIYM/Digging

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

CVE-2023-46525: Digging/TP-LINK/TL-WR886N/12/1.md at main · XYIYM/Digging

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

CVE-2023-37913: Arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patc...

CVE-2023-46543: Digging/TOTOLINK/X2000R/16/1.md at main · XYIYM/Digging

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.

CVE-2023-46518: A15 V1.0升级软件20230818_1.0.3 - 服务支持 - 水星网络官方网站

Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.

CVE-2023-5568: cve-details

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

CVE-2023-46069: WordPress Ajax Archive Calendar plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.

CVE-2023-45837: WordPress Ultimate Taxonomy Manager plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

CVE-2023-45759: WordPress Peter’s Custom Anti-Spam plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin <= 3.2.2 versions.