CVE List - 2023 / August
Showing 1501 - 1600 of 2479 CVEs for August 2023 (Page 16 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-31492 | 2023-08-17 | Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. |
| CVE-2023-31938 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. |
| CVE-2023-31939 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. |
| CVE-2023-31940 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php. |
| CVE-2023-31941 | 2023-08-17 | File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. |
| CVE-2023-31942 | 2023-08-17 | Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. |
| CVE-2023-31943 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. |
| CVE-2023-31944 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. |
| CVE-2023-31945 | 2023-08-17 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. |
| CVE-2023-31946 | 2023-08-17 | File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. |
| CVE-2023-36106 | 2023-08-17 | An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. |
| CVE-2023-38838 | 2023-08-17 | SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. |
| CVE-2023-38843 | 2023-08-17 | An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. |
| CVE-2023-38902 | 2023-08-17 | A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access... |
| CVE-2023-38905 | 2023-08-17 | SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. |
| CVE-2023-39125 | 2023-08-17 | NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main... |
| CVE-2023-39741 | 2023-08-17 | lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2023-39743 | 2023-08-17 | lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. |
| CVE-2023-33237 | 2023-08-17 | Authentication Bypass Without Administrator Privilege |
| CVE-2023-33238 | 2023-08-17 | Command-injection Vulnerability in Certificate Management |
| CVE-2023-25647 | 2023-08-17 | Permission and Access Control Vulnerability in Some ZTE Mobile Phones |
| CVE-2023-33239 | 2023-08-17 | Second Order Command-injection Vulnerability in the Key-generation Function |
| CVE-2023-34213 | 2023-08-17 | Second Order Command-injection Vulnerability in the Key-generation Function |
| CVE-2023-34214 | 2023-08-17 | Second Order Command-injection Vulnerability in the Certificate-generation Function |
| CVE-2023-4392 | 2023-08-17 | Control iD Gerencia Web Cookie cleartext storage |
| CVE-2023-4395 | 2023-08-17 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit |
| CVE-2023-34215 | 2023-08-17 | Second Order Command-injection Vulnerability in the Certificate-generation Function |
| CVE-2023-40281 | 2023-08-17 | EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web... |
| CVE-2023-34216 | 2023-08-17 | Second Order Command-injection Vulnerability in the Key-delete Function |
| CVE-2023-40252 | 2023-08-17 | Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This... |
| CVE-2023-3244 | 2023-08-17 | The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in... |
| CVE-2023-34217 | 2023-08-17 | Second Order Command-injection Vulnerability in the Certificate-delete Function |
| CVE-2023-40251 | 2023-08-17 | Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue... |
| CVE-2023-28622 | 2023-08-17 | WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28533 | 2023-08-17 | WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30876 | 2023-08-17 | WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30874 | 2023-08-17 | WordPress GPS Plotter Plugin <= 5.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30877 | 2023-08-17 | WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31071 | 2023-08-17 | WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31076 | 2023-08-17 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2910 | 2023-08-17 | A Command injection vulnerability was found on Printer service of ADM |
| CVE-2023-3697 | 2023-08-17 | A Command injection vulnerability was found on Printer service of ADM |
| CVE-2023-3698 | 2023-08-17 | A Command injection vulnerability was found on Printer service of ADM |
| CVE-2023-29182 | 2023-08-17 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to... |
| CVE-2023-31074 | 2023-08-17 | WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26530 | 2023-08-17 | WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31091 | 2023-08-17 | WordPress Dynamically Register Sidebars Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4394 | 2023-08-17 | Memory leak in btrfs_get_dev_args_from_path() |
| CVE-2023-34412 | 2023-08-17 | Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250 |
| CVE-2023-40272 | 2023-08-17 | Apache Airflow Spark Provider Arbitrary File Read via JDBC |
| CVE-2023-31079 | 2023-08-17 | WordPress Tippy Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31072 | 2023-08-17 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28693 | 2023-08-17 | WordPress Advanced Youtube Channel Pagination Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28783 | 2023-08-17 | WordPress Woocommerce Tip/Donation Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2914 | 2023-08-17 | Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy |
| CVE-2023-2915 | 2023-08-17 | Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability |
| CVE-2023-2917 | 2023-08-17 | Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability |
| CVE-2023-3078 | 2023-08-17 | An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. |
| CVE-2023-4028 | 2023-08-17 | A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2023-4029 | 2023-08-17 | A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2023-4030 | 2023-08-17 | A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure... |
| CVE-2023-34419 | 2023-08-17 | A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2023-40165 | 2023-08-17 | Unauthorized gem replacement for full names ending in numbers on rubygems.org |
| CVE-2023-37914 | 2023-08-17 | Privilege escalation (PR)/RCE from account through Invitation subject/message |
| CVE-2023-40313 | 2023-08-17 | Disable BeanShell Interpreter Remote Server Mode |
| CVE-2023-40315 | 2023-08-17 | ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN |
| CVE-2023-40168 | 2023-08-17 | Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop |
| CVE-2023-36847 | 2023-08-17 | Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files |
| CVE-2023-36844 | 2023-08-17 | Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables |
| CVE-2023-36845 | 2023-08-17 | Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable |
| CVE-2023-36846 | 2023-08-17 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files |
| CVE-2023-39970 | 2023-08-17 | Extension - acymailing.com - RCE in AcyMailing component for Joomla 6.7.0-8.5.0 |
| CVE-2023-39973 | 2023-08-17 | Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 |
| CVE-2023-39972 | 2023-08-17 | Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 |
| CVE-2023-39974 | 2023-08-17 | Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 |
| CVE-2023-39971 | 2023-08-17 | Extension - acymailing.com - XSS in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 |
| CVE-2023-40171 | 2023-08-17 | Dispatch writes JWT tokens in error message |
| CVE-2023-28690 | 2023-08-17 | WordPress WP BrowserUpdate Plugin <= 4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27471 | 2023-08-18 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems,... |
| CVE-2023-27576 | 2023-08-18 | An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform... |
| CVE-2023-38839 | 2023-08-18 | SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. |
| CVE-2023-38890 | 2023-08-18 | Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to... |
| CVE-2023-38910 | 2023-08-18 | CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and... |
| CVE-2023-38911 | 2023-08-18 | A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. |
| CVE-2023-39665 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. |
| CVE-2023-39666 | 2023-08-18 | D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. |
| CVE-2023-39667 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. |
| CVE-2023-39668 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. |
| CVE-2023-39669 | 2023-08-18 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. |
| CVE-2023-39670 | 2023-08-18 | Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets. |
| CVE-2023-39671 | 2023-08-18 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68. |
| CVE-2023-39672 | 2023-08-18 | Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets. |
| CVE-2023-39673 | 2023-08-18 | Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). |
| CVE-2023-39674 | 2023-08-18 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. |
| CVE-2023-4040 | 2023-08-18 | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to,... |
| CVE-2023-30875 | 2023-08-18 | WordPress Logo Scheduler Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39415 | 2023-08-18 | Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to... |
| CVE-2023-39416 | 2023-08-18 | Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to... |
| CVE-2023-32626 | 2023-08-18 | Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. |
| CVE-2023-35991 | 2023-08-18 | Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions... |