Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2023-46378: Minicms1.1.1 Exists storage xss

Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.

CVE
Open in Source
#xss#vulnerability#web#git#java#php
CVE-2023-46485: TOTOlink X6000R command injection(setTracerouteCfg)

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

CVE-2023-46484: TOTOlink X6000R command injetction (setLedCfg)

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.

CVE-2023-4836: CVE-2023-4836 - User Private Files - IDOR to Sensitive data and private files exposure / leak of info - POC - Use only certified WordPress plugins for your website

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

CVE-2023-5237: CVE-2023-5237 - Memberlite Shortcodes - Stored XSS via shortcode - Use only certified WordPress plugins for your website

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

Debian Security Advisory 5540-1

Debian Linux Security Advisory 5540-1 - Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.

Ubuntu Security Notice USN-6457-1

Ubuntu Security Notice 6457-1 - Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2023-6199-01

Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6198-01

Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6197-01

Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.