Total: 3075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-20134 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | N/A | 5.4 MEDIUM | Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20073 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-11-21 | N/A | 5.3 MEDIUM | A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
CVE-2023-20040 | 1 Cisco | 1 Network Services Orchestrator | 2024-11-21 | N/A | 5.5 MEDIUM | A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
CVE-2023-20009 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2024-11-21 | N/A | 6.5 MEDIUM | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker or an authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that, when uploaded, could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.
CVE-2023-1970 | 1 Tpadmin Project | 1 Tpadmin | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-1942 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.
CVE-2023-1826 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
CVE-2023-1800 | 1 Go-fastdfs Project | 1 Go-fastdfs | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.
CVE-2023-1797 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.
CVE-2023-1744 | 1 Ibos | 1 Ibos | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.
CVE-2023-1739 | 1 Simple And Beautiful Shopping Cart System Project | 1 Simple And Beautiful Shopping Cart System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.
CVE-2023-1734 | 1 Young Entrepreneur E-negosyo System Project | 1 Young Entrepreneur E-negosyo System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.
CVE-2023-1731 | 1 Meinbergglobal | 7 Lantime Firmware, Lantime M100, Lantime M200 and 4 more | 2024-11-21 | N/A | 7.2 HIGH | In Meinberg's LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands.
CVE-2023-1728 | 1 Fernus | 1 Learning Management Systems | 2024-11-21 | N/A | 9.8 CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection and Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03.
CVE-2023-1721 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2024-11-21 | N/A | 9.1 CRITICAL | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
CVE-2023-1720 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | N/A | 9.6 CRITICAL | Lack of a MIME type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.
CVE-2023-1713 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | N/A | 8.8 HIGH | Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.
CVE-2023-1684 | 1 Hadsky | 1 Hadsky | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability.
CVE-2023-1561 | 1 Fabianros | 1 Simple Online Hotel Reservation System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.
CVE-2023-1559 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.