Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34849: IOT-POC/Ikuai at main · cczzmm/IOT-POC

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.

CVE
Open in Source
#vulnerability#web#git#auth
CVE-2023-34598: GitHub - maddsec/CVE-2023-34598: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation fold

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.

CVE-2015-1313: Download TeamCity: Hassle-free CI and CD Server

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

CVE-2023-34844: Invalid link

Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.

CVE-2023-33466: Security advisory for Orthanc deployments running versions before 1.12.0

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

CVE-2023-3458: CveHubList/Shopping Website (E-Commerce) forgot-password.php has Sqlinjection.pdf at main · AD-Appledog/CveHubList

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.

CVE-2023-3457: CveList/Shopping Website (E-Commerce) index.php has Sqlinjection.pdf at main · qwegz/CveList

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.

CVE-2023-34487: GitHub - JunyanYip/itsourcecode_justines_sql_vul

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

CVE-2023-34486: GitHub - JunyanYip/itsourcecode_justines_xss_vul

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.