www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T20:00:36+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-34058 VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .]]> 2023-10-27T05:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34058 www.secnews.physaphae.fr/article.php?IdArticle=8401369 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-46503 Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46503 www.secnews.physaphae.fr/article.php?IdArticle=8401264 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46504 Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46504 www.secnews.physaphae.fr/article.php?IdArticle=8401265 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5051 The CallRail Phone Call Tracking plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5051 www.secnews.physaphae.fr/article.php?IdArticle=8401271 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46815 An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46815 www.secnews.physaphae.fr/article.php?IdArticle=8401268 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-45499 VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45499 www.secnews.physaphae.fr/article.php?IdArticle=8401259 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46816 An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation.
An attacker with regular user privileges can exploit this.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46816 www.secnews.physaphae.fr/article.php?IdArticle=8401269 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46818 An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46818 www.secnews.physaphae.fr/article.php?IdArticle=8401270 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45498 VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.]]> 2023-10-27T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45498 www.secnews.physaphae.fr/article.php?IdArticle=8401258 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44375 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44375 www.secnews.physaphae.fr/article.php?IdArticle=8401257 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46813 An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation).
This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.]]> 2023-10-27T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46813 www.secnews.physaphae.fr/article.php?IdArticle=8401267 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44162 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44162 www.secnews.physaphae.fr/article.php?IdArticle=8401256 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43738 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43738 www.secnews.physaphae.fr/article.php?IdArticle=8401255 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5814 A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.]]> 2023-10-27T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5814 www.secnews.physaphae.fr/article.php?IdArticle=8401276 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5812 A vulnerability has been found in flusity CMS and classified as critical.
Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643.]]> 2023-10-27T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5812 www.secnews.physaphae.fr/article.php?IdArticle=8401274 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5813 A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.]]> 2023-10-27T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5813 www.secnews.physaphae.fr/article.php?IdArticle=8401275 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46376 Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.]]> 2023-10-27T01:15:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46376 www.secnews.physaphae.fr/article.php?IdArticle=8401262 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5811 A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. 
Therefore, no version details of affected nor updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability.]]> 2023-10-27T01:15:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5811 www.secnews.physaphae.fr/article.php?IdArticle=8401273 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46375 ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).]]> 2023-10-27T01:15:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46375 www.secnews.physaphae.fr/article.php?IdArticle=8401261 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5810 A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. 
The identifier VDB-243641 was assigned to this vulnerability.]]> 2023-10-27T01:15:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5810 www.secnews.physaphae.fr/article.php?IdArticle=8401272 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46505 Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.]]> 2023-10-27T01:15:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46505 www.secnews.physaphae.fr/article.php?IdArticle=8401266 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46491 ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.]]> 2023-10-27T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46491 www.secnews.physaphae.fr/article.php?IdArticle=8401263 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46374 ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).]]> 2023-10-27T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46374 www.secnews.physaphae.fr/article.php?IdArticle=8401260 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42188 IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).]]> 2023-10-27T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42188 www.secnews.physaphae.fr/article.php?IdArticle=8401254 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44268 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. 
The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-26T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44268 www.secnews.physaphae.fr/article.php?IdArticle=8401163 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27170 Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.]]> 2023-10-26T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27170 www.secnews.physaphae.fr/article.php?IdArticle=8401158 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43737 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-26T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43737 www.secnews.physaphae.fr/article.php?IdArticle=8401162 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5805 A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5805 www.secnews.physaphae.fr/article.php?IdArticle=8401164 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2018-17879 An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root.
There are several injection points in various scripts.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17879 www.secnews.physaphae.fr/article.php?IdArticle=8401157 False None None None CVE Liste - Common Vulnerability Exposure CVE-2018-16739 An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16739 www.secnews.physaphae.fr/article.php?IdArticle=8401153 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43352 An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43352 www.secnews.physaphae.fr/article.php?IdArticle=8401161 False None None None CVE Liste - Common Vulnerability Exposure CVE-2018-17878 Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17878 www.secnews.physaphae.fr/article.php?IdArticle=8401156 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2018-17558 Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17558 www.secnews.physaphae.fr/article.php?IdArticle=8401154 False Vulnerability None None CVE 
Liste - Common Vulnerability Exposure CVE-2018-17559 Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17559 www.secnews.physaphae.fr/article.php?IdArticle=8401155 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42406 SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42406 www.secnews.physaphae.fr/article.php?IdArticle=8401160 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38328 An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.]]> 2023-10-26T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38328 www.secnews.physaphae.fr/article.php?IdArticle=8401159 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46665 Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.]]> 2023-10-26T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46665 www.secnews.physaphae.fr/article.php?IdArticle=8401111 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46748 An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the 
BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated]]> 2023-10-26T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46748 www.secnews.physaphae.fr/article.php?IdArticle=8401113 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46747 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated]]> 2023-10-26T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46747 www.secnews.physaphae.fr/article.php?IdArticle=8401112 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46664 Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. 
As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.]]> 2023-10-26T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46664 www.secnews.physaphae.fr/article.php?IdArticle=8401110 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33558 An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.]]> 2023-10-26T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33558 www.secnews.physaphae.fr/article.php?IdArticle=8401101 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46663 Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.]]> 2023-10-26T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46663 www.secnews.physaphae.fr/article.php?IdArticle=8401109 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-33559 A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.]]> 2023-10-26T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33559 www.secnews.physaphae.fr/article.php?IdArticle=8401102 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39726 An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.]]> 2023-10-26T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39726 www.secnews.physaphae.fr/article.php?IdArticle=8401104 False None None None CVE Liste - Common Vulnerability Exposure 
CVE-2023-44267 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44267 www.secnews.physaphae.fr/article.php?IdArticle=8401106 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46662 Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46662 www.secnews.physaphae.fr/article.php?IdArticle=8401108 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-39936 In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39936 www.secnews.physaphae.fr/article.php?IdArticle=8401105 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39427 In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write.
An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39427 www.secnews.physaphae.fr/article.php?IdArticle=8401103 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5754 Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5754 www.secnews.physaphae.fr/article.php?IdArticle=8401114 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5804 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. 
The identifier VDB-243617 was assigned to this vulnerability.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5804 www.secnews.physaphae.fr/article.php?IdArticle=8401115 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-0897 Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0897 www.secnews.physaphae.fr/article.php?IdArticle=8401100 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46661 Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.]]> 2023-10-26T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46661 www.secnews.physaphae.fr/article.php?IdArticle=8401107 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31416 Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.]]> 2023-10-26T19:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31416 www.secnews.physaphae.fr/article.php?IdArticle=8401052 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5796 A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 
VDB-243602 is the identifier assigned to this vulnerability.]]> 2023-10-26T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5796 www.secnews.physaphae.fr/article.php?IdArticle=8401060 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46435 Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46435 www.secnews.physaphae.fr/article.php?IdArticle=8401056 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5793 A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5793 www.secnews.physaphae.fr/article.php?IdArticle=8401057 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-31417 Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. 
Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31417 www.secnews.physaphae.fr/article.php?IdArticle=8401053 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31418 An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31418 www.secnews.physaphae.fr/article.php?IdArticle=8401054 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31419 A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31419 www.secnews.physaphae.fr/article.php?IdArticle=8401055 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5794 A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. 
The identifier of this vulnerability is VDB-243600.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5794 www.secnews.physaphae.fr/article.php?IdArticle=8401058 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5795 A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.]]> 2023-10-26T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5795 www.secnews.physaphae.fr/article.php?IdArticle=8401059 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5790 A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.]]> 2023-10-26T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5790 www.secnews.physaphae.fr/article.php?IdArticle=8401011 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5792 A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
VDB-243598 is the identifier assigned to this vulnerability.]]> 2023-10-26T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5792 www.secnews.physaphae.fr/article.php?IdArticle=8401013 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5789
A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.]]>
2023-10-26T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5789 www.secnews.physaphae.fr/article.php?IdArticle=8401010 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5791 A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.]]> 2023-10-26T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5791 www.secnews.physaphae.fr/article.php?IdArticle=8401012 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-45228 The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45228 www.secnews.physaphae.fr/article.php?IdArticle=8401002 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5623 NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5623 www.secnews.physaphae.fr/article.php?IdArticle=8401006 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5624 Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. 
This could allow an admin user to alter parameters that could potentially allow a blind SQL injection.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5624 www.secnews.physaphae.fr/article.php?IdArticle=8401007 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43208 NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. This is a bypass of the patch put in for CVE-2023-37679.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43208 www.secnews.physaphae.fr/article.php?IdArticle=8401001 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5622 Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5622 www.secnews.physaphae.fr/article.php?IdArticle=8401005 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45317 The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45317 www.secnews.physaphae.fr/article.php?IdArticle=8401003 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46666 An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. 
If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.]]> 2023-10-26T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46666 www.secnews.physaphae.fr/article.php?IdArticle=8401004 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42769 The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.]]> 2023-10-26T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42769 www.secnews.physaphae.fr/article.php?IdArticle=8401000 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41966 The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.]]> 2023-10-26T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41966 www.secnews.physaphae.fr/article.php?IdArticle=8400999 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5786 A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.]]> 2023-10-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5786 www.secnews.physaphae.fr/article.php?IdArticle=8401008 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5787 A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. 
This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.]]> 2023-10-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5787 www.secnews.physaphae.fr/article.php?IdArticle=8401009 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46449 Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46449 www.secnews.physaphae.fr/article.php?IdArticle=8400956 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46450 Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46450 www.secnews.physaphae.fr/article.php?IdArticle=8400957 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5785 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5785 www.secnews.physaphae.fr/article.php?IdArticle=8400961 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46234 www.secnews.physaphae.fr/article.php?IdArticle=8400954 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5784 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5784 www.secnews.physaphae.fr/article.php?IdArticle=8400960 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46238 ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. 
SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim’s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46238 www.secnews.physaphae.fr/article.php?IdArticle=8400955 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-45869 ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.]]> 2023-10-26T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45869 www.secnews.physaphae.fr/article.php?IdArticle=8400952 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45868 The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). 
This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.]]> 2023-10-26T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45868 www.secnews.physaphae.fr/article.php?IdArticle=8400951 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-45867 ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. 
This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.]]> 2023-10-26T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45867 www.secnews.physaphae.fr/article.php?IdArticle=8400950 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-41095 Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.]]> 2023-10-26T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41095 www.secnews.physaphae.fr/article.php?IdArticle=8400948 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5782 A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5782 www.secnews.physaphae.fr/article.php?IdArticle=8400958 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5783 A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. 
It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5783 www.secnews.physaphae.fr/article.php?IdArticle=8400959 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46090 2023-10-26T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46090 www.secnews.physaphae.fr/article.php?IdArticle=8400953 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41096 Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.]]> 2023-10-26T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41096 www.secnews.physaphae.fr/article.php?IdArticle=8400949 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5781 A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5781 www.secnews.physaphae.fr/article.php?IdArticle=8400905 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5780 A vulnerability classified as critical was found in Tongda OA 2017 11.10. 
This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-26T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5780 www.secnews.physaphae.fr/article.php?IdArticle=8400904 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46094 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46094 www.secnews.physaphae.fr/article.php?IdArticle=8400903 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46081 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46081 www.secnews.physaphae.fr/article.php?IdArticle=8400901 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46075 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46075 www.secnews.physaphae.fr/article.php?IdArticle=8400898 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46076 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46076 www.secnews.physaphae.fr/article.php?IdArticle=8400899 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46077 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46077 www.secnews.physaphae.fr/article.php?IdArticle=8400900 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46088 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46088 www.secnews.physaphae.fr/article.php?IdArticle=8400902 False 
Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-32116 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32116 www.secnews.physaphae.fr/article.php?IdArticle=8400895 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2020-17477 Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.]]> 2023-10-26T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17477 www.secnews.physaphae.fr/article.php?IdArticle=8400893 False None None None