Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-48860: security_research/TOTOLINK-N300RT-RCE.md at main · xieqiang11/security_research

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

CVE
#vulnerability#git#rce#auth
CVE-2023-48861: POC4/README.md at main · xieqiang11/POC4

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

CVE-2023-43298: CVE-reports/CVE-2023-43298.md at main · syz913/CVE-reports

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-43299: CVE-reports/CVE-2023-43299.md at main · syz913/CVE-reports

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-43300: CVE-reports/CVE-2023-43300.md at main · syz913/CVE-reports

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-49225: 20231128 | Security Bulletins | Ruckus Wireless Support

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

CVE-2023-48825: PHPJabbers Availability Booking Calendar 5.0 HTML Injection ≈ Packet Storm

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

CVE-2023-48824: BoidCMS 2.0.1 Cross Site Scripting ≈ Packet Storm

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.

CVE-2023-48823: GaatiTrack Courier Management System 1.0 SQL Injection ≈ Packet Storm

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.

CVE-2023-48208: PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting ≈ Packet Storm

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.