www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-02T07:35:11+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-41659 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41659 www.secnews.physaphae.fr/article.php?IdArticle=8392301 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41732 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41732 www.secnews.physaphae.fr/article.php?IdArticle=8392302 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41950 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41950 www.secnews.physaphae.fr/article.php?IdArticle=8392304 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41801 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41801 www.secnews.physaphae.fr/article.php?IdArticle=8392303 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41654 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41654 www.secnews.physaphae.fr/article.php?IdArticle=8392300 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44146 2023-10-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44146 www.secnews.physaphae.fr/article.php?IdArticle=8392308 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41650 2023-10-06T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41650 www.secnews.physaphae.fr/article.php?IdArticle=8392299 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40607 2023-10-06T15:15:13+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40607 www.secnews.physaphae.fr/article.php?IdArticle=8392298 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38703 PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.]]> 2023-10-06T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38703 www.secnews.physaphae.fr/article.php?IdArticle=8392297 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28791 2023-10-06T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28791 www.secnews.physaphae.fr/article.php?IdArticle=8392294 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-29235 2023-10-06T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29235 www.secnews.physaphae.fr/article.php?IdArticle=8392295 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44771 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.]]> 2023-10-06T13:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44771 www.secnews.physaphae.fr/article.php?IdArticle=8392258 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 
CVE-2023-44770 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.]]> 2023-10-06T13:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44770 www.secnews.physaphae.fr/article.php?IdArticle=8392257 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27448 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27448 www.secnews.physaphae.fr/article.php?IdArticle=8392247 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27615 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27615 www.secnews.physaphae.fr/article.php?IdArticle=8392248 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25033 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25033 www.secnews.physaphae.fr/article.php?IdArticle=8392245 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40008 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40008 www.secnews.physaphae.fr/article.php?IdArticle=8392250 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40671 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40671 www.secnews.physaphae.fr/article.php?IdArticle=8392251 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44764 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.]]> 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44764 www.secnews.physaphae.fr/article.php?IdArticle=8392254 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 
CVE-2023-44762 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.]]> 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44762 www.secnews.physaphae.fr/article.php?IdArticle=8392253 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44766 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.]]> 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44766 www.secnews.physaphae.fr/article.php?IdArticle=8392256 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-47175 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47175 www.secnews.physaphae.fr/article.php?IdArticle=8392244 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25480 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25480 www.secnews.physaphae.fr/article.php?IdArticle=8392246 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44765 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.]]> 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44765 www.secnews.physaphae.fr/article.php?IdArticle=8392255 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44761 Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.]]> 2023-10-06T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44761 
www.secnews.physaphae.fr/article.php?IdArticle=8392252 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36465 Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. 2023-10-06T12:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36465 www.secnews.physaphae.fr/article.php?IdArticle=8392249 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44758 GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. 2023-10-06T11:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44758 www.secnews.physaphae.fr/article.php?IdArticle=8392206 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4530 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. 2023-10-06T10:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4530 www.secnews.physaphae.fr/article.php?IdArticle=8392210 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2015-10126 A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue.
The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. 2023-10-06T08:15:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10126 www.secnews.physaphae.fr/article.php?IdArticle=8392174 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5312 A vulnerability classified as critical has been found in DedeCMS 5.7.111. Affected is an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240948. 2023-10-06T06:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5312 www.secnews.physaphae.fr/article.php?IdArticle=8392177 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40556 2023-10-06T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40556 www.secnews.physaphae.fr/article.php?IdArticle=8392176 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-26153 Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system. 2023-10-06T05:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26153 www.secnews.physaphae.fr/article.php?IdArticle=8392175 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2015-10125 A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery.
It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.]]> 2023-10-05T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10125 www.secnews.physaphae.fr/article.php?IdArticle=8392050 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43343 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.]]> 2023-10-05T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43343 www.secnews.physaphae.fr/article.php?IdArticle=8392052 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44024 SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.]]> 2023-10-05T20:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44024 www.secnews.physaphae.fr/article.php?IdArticle=8392022 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43981 Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.]]> 2023-10-05T20:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43981 www.secnews.physaphae.fr/article.php?IdArticle=8392020 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43983 Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component 
disable_json.php.]]> 2023-10-05T20:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43983 www.secnews.physaphae.fr/article.php?IdArticle=8392021 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40920 Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().]]> 2023-10-05T20:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40920 www.secnews.physaphae.fr/article.php?IdArticle=8392018 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-32485 Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.]]> 2023-10-05T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32485 www.secnews.physaphae.fr/article.php?IdArticle=8391977 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. 
This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.]]> 2023-10-05T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41175 www.secnews.physaphae.fr/article.php?IdArticle=8391979 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43260 Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.]]> 2023-10-05T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43260 www.secnews.physaphae.fr/article.php?IdArticle=8391988 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4401 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.]]> 2023-10-05T18:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4401 www.secnews.physaphae.fr/article.php?IdArticle=8391989 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5423 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.]]> 2023-10-05T18:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5423 www.secnews.physaphae.fr/article.php?IdArticle=8391993 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44387 Gradle is a build tool with a focus on build automation and support for multi-language development. 
When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44387 www.secnews.physaphae.fr/article.php?IdArticle=8391991 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43070 Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43070 www.secnews.physaphae.fr/article.php?IdArticle=8391984 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43073 Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. 
An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43073 www.secnews.physaphae.fr/article.php?IdArticle=8391987 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43069 Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43069 www.secnews.physaphae.fr/article.php?IdArticle=8391983 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44386 Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44386 www.secnews.physaphae.fr/article.php?IdArticle=8391990 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43068 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.]]> 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43068 www.secnews.physaphae.fr/article.php?IdArticle=8391982 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43072 Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. 
A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbitrary shell commands. 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43072 www.secnews.physaphae.fr/article.php?IdArticle=8391986 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43071 Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43071 www.secnews.physaphae.fr/article.php?IdArticle=8391985 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44838 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. 2023-10-05T16:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44838 www.secnews.physaphae.fr/article.php?IdArticle=8391946 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44837 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. 2023-10-05T16:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44837 www.secnews.physaphae.fr/article.php?IdArticle=8391945 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44839 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function.
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44839 www.secnews.physaphae.fr/article.php?IdArticle=8391947 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44836 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44836 www.secnews.physaphae.fr/article.php?IdArticle=8391944 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44831 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44831 www.secnews.physaphae.fr/article.php?IdArticle=8391939 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44828 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44828 www.secnews.physaphae.fr/article.php?IdArticle=8391936 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44830 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44830 www.secnews.physaphae.fr/article.php?IdArticle=8391938 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44834 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44834 www.secnews.physaphae.fr/article.php?IdArticle=8391942 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44833 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44833 www.secnews.physaphae.fr/article.php?IdArticle=8391941 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44832 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44832 www.secnews.physaphae.fr/article.php?IdArticle=8391940 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44835 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44835 www.secnews.physaphae.fr/article.php?IdArticle=8391943 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44829 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-05T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44829 www.secnews.physaphae.fr/article.php?IdArticle=8391937 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44390 HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. 
The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).]]> 2023-10-05T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44390 www.secnews.physaphae.fr/article.php?IdArticle=8391907 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43321 File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.]]> 2023-10-04T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43321 www.secnews.physaphae.fr/article.php?IdArticle=8391677 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43877 Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.]]> 2023-10-04T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43877 www.secnews.physaphae.fr/article.php?IdArticle=8391678 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43809 Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. 
Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting.]]> 2023-10-04T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43809 www.secnews.physaphae.fr/article.php?IdArticle=8391646 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44075 Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.]]> 2023-10-04T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44075 www.secnews.physaphae.fr/article.php?IdArticle=8391647 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27121 A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.]]> 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27121 www.secnews.physaphae.fr/article.php?IdArticle=8391594 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3428 A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. 
This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3428 www.secnews.physaphae.fr/article.php?IdArticle=8391595 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5402 A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used. 2023-10-04T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5402 www.secnews.physaphae.fr/article.php?IdArticle=8391603 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20235 A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20235 www.secnews.physaphae.fr/article.php?IdArticle=8391560 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20259 A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.
This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20259 www.secnews.physaphae.fr/article.php?IdArticle=8391561 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20101 A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system.
A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20101 www.secnews.physaphae.fr/article.php?IdArticle=8391559 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43838 An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. 2023-10-04T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43838 www.secnews.physaphae.fr/article.php?IdArticle=8391563 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-36276 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. 2023-10-04T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36276 www.secnews.physaphae.fr/article.php?IdArticle=8391557 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2021-3784 Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds.
This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. 2023-10-04T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3784 www.secnews.physaphae.fr/article.php?IdArticle=8391556 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3665 A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3665 www.secnews.physaphae.fr/article.php?IdArticle=8391513 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40559 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40559 www.secnews.physaphae.fr/article.php?IdArticle=8391516 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5374 A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
The associated identifier of this vulnerability is VDB-241255. 2023-10-04T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5374 www.secnews.physaphae.fr/article.php?IdArticle=8391523 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25025 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25025 www.secnews.physaphae.fr/article.php?IdArticle=8391511 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27433 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27433 www.secnews.physaphae.fr/article.php?IdArticle=8391512 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40561 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40561 www.secnews.physaphae.fr/article.php?IdArticle=8391517 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22515 Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22515 www.secnews.physaphae.fr/article.php?IdArticle=8391510 False Vulnerability,Cloud None None CVE Liste - Common Vulnerability Exposure CVE-2023-40684 IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40684 www.secnews.physaphae.fr/article.php?IdArticle=8391518 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4494 Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4494 www.secnews.physaphae.fr/article.php?IdArticle=8391468 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4497 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4497 www.secnews.physaphae.fr/article.php?IdArticle=8391471 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5373 A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
VDB-241254 is the identifier assigned to this vulnerability. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5373 www.secnews.physaphae.fr/article.php?IdArticle=8391472 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4496 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4496 www.secnews.physaphae.fr/article.php?IdArticle=8391470 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4495 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4495 www.secnews.physaphae.fr/article.php?IdArticle=8391469 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4491 Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version.
The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4491 www.secnews.physaphae.fr/article.php?IdArticle=8391465 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4492 Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded. 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4492 www.secnews.physaphae.fr/article.php?IdArticle=8391466 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4493 Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4493 www.secnews.physaphae.fr/article.php?IdArticle=8391467 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3037 Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10.
This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3037 www.secnews.physaphae.fr/article.php?IdArticle=8391457 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4037 Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4037 www.secnews.physaphae.fr/article.php?IdArticle=8391461 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4090 Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4090 www.secnews.physaphae.fr/article.php?IdArticle=8391462 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3038 SQL injection vulnerability in HelpDezk Community affecting version 1.1.10.
This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3038 www.secnews.physaphae.fr/article.php?IdArticle=8391458 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3512 Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3512 www.secnews.physaphae.fr/article.php?IdArticle=8391416 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25980 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25980 www.secnews.physaphae.fr/article.php?IdArticle=8391414 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4586 A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4586 www.secnews.physaphae.fr/article.php?IdArticle=8391419 False Vulnerability None None