Tag

#web

CVE-2023-23845

The SolarWinds Platform was susceptible to an Incorrect Comparison vulnerability. This vulnerability allows users with administrative access to the SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee

By Waqas (HackRead.com). Key findings: Las Vegas-based MGM Resorts International, a global entertainment and hospitality giant, has been hit by a…

CVE-2023-40617: vulnerability-research/CVE-2023-40617 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the 'file' parameter of 'displayPDF.php'.

CVE-2023-41154: Usermin-2.000/CVE-2023-41154 at main · shindeanik/Usermin-2.000

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.

CVE-2023-41152: Usermin-2.000/CVE-2023-41152 at main · shindeanik/Usermin-2.000

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.

CVE-2023-41155: Usermin-2.000/CVE-2023-41155 at main · shindeanik/Usermin-2.000

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

CVE-2023-41158: Usermin-2.000/CVE-2023-41158 at main · shindeanik/Usermin-2.000

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.

CVE-2023-41162: Usermin-2.000/CVE-2023-41162 at main · shindeanik/Usermin-2.000

A Reflected Cross-Site Scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop-down.

CVE-2023-4568: PaperCut NG Unauthenticated XMLRPC Functionality

PaperCut NG allows unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to the lack of a vendor-supplied patch.

CVE-2023-40850: cve/NS-ASG-bak-leakage.md at main · flyyue2001/cve

Netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.