www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T19:14:09+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-41352 Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.]]> 2023-11-03T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41352 www.secnews.physaphae.fr/article.php?IdArticle=8405231 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-41353 Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.]]> 2023-11-03T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41353 www.secnews.physaphae.fr/article.php?IdArticle=8405232 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46517 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46517 www.secnews.physaphae.fr/article.php?IdArticle=8405245 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45360 An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. 
This is related to MediaWiki:Youhavenewmessagesfromusers.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45360 www.secnews.physaphae.fr/article.php?IdArticle=8405243 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45024 Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45024 www.secnews.physaphae.fr/article.php?IdArticle=8405242 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46817 An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46817 www.secnews.physaphae.fr/article.php?IdArticle=8405246 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45362 An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45362 www.secnews.physaphae.fr/article.php?IdArticle=8405244 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44271 An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. 
This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44271 www.secnews.physaphae.fr/article.php?IdArticle=8405241 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43665 In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43665 www.secnews.physaphae.fr/article.php?IdArticle=8405239 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41914 SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41914 www.secnews.physaphae.fr/article.php?IdArticle=8405237 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43982 Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. 
This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.]]> 2023-11-03T05:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43982 www.secnews.physaphae.fr/article.php?IdArticle=8405240 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41348 ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41348 www.secnews.physaphae.fr/article.php?IdArticle=8405228 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-41346 ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41346 www.secnews.physaphae.fr/article.php?IdArticle=8405226 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-38965 Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38965 www.secnews.physaphae.fr/article.php?IdArticle=8405217 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41350 Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. 
An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41350 www.secnews.physaphae.fr/article.php?IdArticle=8405229 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41347 ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41347 www.secnews.physaphae.fr/article.php?IdArticle=8405227 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-41164 In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41164 www.secnews.physaphae.fr/article.php?IdArticle=8405220 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41260 Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41260 www.secnews.physaphae.fr/article.php?IdArticle=8405222 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41259 Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST 
API call.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41259 www.secnews.physaphae.fr/article.php?IdArticle=8405221 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41345 ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41345 www.secnews.physaphae.fr/article.php?IdArticle=8405225 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-41343 Rogic No-Code Database Builder\'s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.]]> 2023-11-03T05:15:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41343 www.secnews.physaphae.fr/article.php?IdArticle=8405223 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36621 An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.]]> 2023-11-03T04:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36621 www.secnews.physaphae.fr/article.php?IdArticle=8405109 False Mobile None None CVE Liste - Common Vulnerability Exposure CVE-2023-36620 An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. 
This gives the user access to the API token that is used to authenticate requests to the API.]]> 2023-11-03T04:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36620 www.secnews.physaphae.fr/article.php?IdArticle=8405108 False Mobile None None CVE Liste - Common Vulnerability Exposure CVE-2023-34260 Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.]]> 2023-11-03T04:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34260 www.secnews.physaphae.fr/article.php?IdArticle=8405102 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-34259 Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.]]> 2023-11-03T04:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34259 www.secnews.physaphae.fr/article.php?IdArticle=8405101 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31102 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.]]> 2023-11-03T04:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31102 www.secnews.physaphae.fr/article.php?IdArticle=8405100 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-34261 Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.]]> 2023-11-03T04:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34261 www.secnews.physaphae.fr/article.php?IdArticle=8405103 False None None None CVE Liste - Common Vulnerability 
Exposure CVE-2020-28407 In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.]]> 2023-11-03T04:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28407 www.secnews.physaphae.fr/article.php?IdArticle=8405099 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-35896 IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.]]> 2023-11-03T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35896 www.secnews.physaphae.fr/article.php?IdArticle=8405104 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46954 SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.]]> 2023-11-03T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46954 www.secnews.physaphae.fr/article.php?IdArticle=8405114 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46176 IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. 
IBM X-Force ID: 269535.]]> 2023-11-03T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46176 www.secnews.physaphae.fr/article.php?IdArticle=8405113 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36034 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability]]> 2023-11-03T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36034 www.secnews.physaphae.fr/article.php?IdArticle=8405107 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36029 Microsoft Edge (Chromium-based) Spoofing Vulnerability]]> 2023-11-03T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36029 www.secnews.physaphae.fr/article.php?IdArticle=8405106 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36022 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability]]> 2023-11-03T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36022 www.secnews.physaphae.fr/article.php?IdArticle=8405105 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2017-7252 bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.]]> 2023-11-03T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7252 www.secnews.physaphae.fr/article.php?IdArticle=8405098 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42029 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 266059.]]> 2023-11-03T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42029 www.secnews.physaphae.fr/article.php?IdArticle=8405111 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.]]> 2023-11-03T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42027 www.secnews.physaphae.fr/article.php?IdArticle=8405110 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43018 IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.]]> 2023-11-03T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43018 www.secnews.physaphae.fr/article.php?IdArticle=8405112 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43194 Submitty before v22.06.00 is vulnerable to Incorrect Access Control. 
An attacker can delete any post in the forum by modifying request parameter.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43194 www.secnews.physaphae.fr/article.php?IdArticle=8405014 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46958 An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46958 www.secnews.physaphae.fr/article.php?IdArticle=8405016 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39057 An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39057 www.secnews.physaphae.fr/article.php?IdArticle=8405011 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42299 Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42299 www.secnews.physaphae.fr/article.php?IdArticle=8405013 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46352 In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. 
Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46352 www.secnews.physaphae.fr/article.php?IdArticle=8405015 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39283 An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.]]> 2023-11-02T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39283 www.secnews.physaphae.fr/article.php?IdArticle=8405012 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39048 An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39048 www.secnews.physaphae.fr/article.php?IdArticle=8405006 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39047 An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39047 www.secnews.physaphae.fr/article.php?IdArticle=8405005 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31579 Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. 
This vulnerability allows attackers to authenticate to the application via a crafted JWT token.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31579 www.secnews.physaphae.fr/article.php?IdArticle=8405003 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39051 An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39051 www.secnews.physaphae.fr/article.php?IdArticle=8405008 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39042 An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39042 www.secnews.physaphae.fr/article.php?IdArticle=8405004 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39053 An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39053 www.secnews.physaphae.fr/article.php?IdArticle=8405009 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39050 An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39050 www.secnews.physaphae.fr/article.php?IdArticle=8405007 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39054 An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages.]]> 2023-11-02T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39054 
www.secnews.physaphae.fr/article.php?IdArticle=8405010 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5929 A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability.]]> 2023-11-02T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5929 www.secnews.physaphae.fr/article.php?IdArticle=8404965 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5930 A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability.]]> 2023-11-02T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5930 www.secnews.physaphae.fr/article.php?IdArticle=8404966 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-39284 An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.]]> 2023-11-02T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39284 www.secnews.physaphae.fr/article.php?IdArticle=8404960 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5925 A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. 
This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability.]]> 2023-11-02T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5925 www.secnews.physaphae.fr/article.php?IdArticle=8404961 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5926 A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability.]]> 2023-11-02T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5926 www.secnews.physaphae.fr/article.php?IdArticle=8404962 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5928 A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328.]]> 2023-11-02T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5928 www.secnews.physaphae.fr/article.php?IdArticle=8404964 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5927 A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. 
The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327.]]> 2023-11-02T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5927 www.secnews.physaphae.fr/article.php?IdArticle=8404963 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-31020 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31020 www.secnews.physaphae.fr/article.php?IdArticle=8404913 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31018 NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31018 www.secnews.physaphae.fr/article.php?IdArticle=8404911 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31019 NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client\'s secure context.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31019 www.secnews.physaphae.fr/article.php?IdArticle=8404912 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31017 NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse 
points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31017 www.secnews.physaphae.fr/article.php?IdArticle=8404910 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5923 A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5923 www.secnews.physaphae.fr/article.php?IdArticle=8404919 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-31027 NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31027 www.secnews.physaphae.fr/article.php?IdArticle=8404918 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5924 A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. 
The identifier of this vulnerability is VDB-244324.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5924 www.secnews.physaphae.fr/article.php?IdArticle=8404920 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-31023 NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31023 www.secnews.physaphae.fr/article.php?IdArticle=8404916 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31021 NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31021 www.secnews.physaphae.fr/article.php?IdArticle=8404914 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31026 NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31026 www.secnews.physaphae.fr/article.php?IdArticle=8404917 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31022 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.]]> 2023-11-02T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31022 www.secnews.physaphae.fr/article.php?IdArticle=8404915 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31016 NVIDIA GPU Display Driver for 
Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. 2023-11-02T19:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31016 www.secnews.physaphae.fr/article.php?IdArticle=8404909 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46925 Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). 2023-11-02T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46925 www.secnews.physaphae.fr/article.php?IdArticle=8404864 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4217 A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. 2023-11-02T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4217 www.secnews.physaphae.fr/article.php?IdArticle=8404863 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5846 Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. 2023-11-02T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5846 www.secnews.physaphae.fr/article.php?IdArticle=8404866 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5035 A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session.
The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. 2023-11-02T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5035 www.secnews.physaphae.fr/article.php?IdArticle=8404865 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38473 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. 2023-11-02T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473 www.secnews.physaphae.fr/article.php?IdArticle=8404862 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-4900 A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. 2023-11-02T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4900 www.secnews.physaphae.fr/article.php?IdArticle=8404861 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38469 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469 www.secnews.physaphae.fr/article.php?IdArticle=8404787 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46725 FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue.
For example, by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request and then a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46725 www.secnews.physaphae.fr/article.php?IdArticle=8404817 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45346 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45346 www.secnews.physaphae.fr/article.php?IdArticle=8404815 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38470 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470 www.secnews.physaphae.fr/article.php?IdArticle=8404788 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45345 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45345 www.secnews.physaphae.fr/article.php?IdArticle=8404814 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38471 A vulnerability was found in Avahi.
A reachable assertion exists in the dbus_set_host_name function. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471 www.secnews.physaphae.fr/article.php?IdArticle=8404789 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45338 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45338 www.secnews.physaphae.fr/article.php?IdArticle=8404807 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45347 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45347 www.secnews.physaphae.fr/article.php?IdArticle=8404816 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38472 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. 2023-11-02T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472 www.secnews.physaphae.fr/article.php?IdArticle=8404790 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45344 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45344 www.secnews.physaphae.fr/article.php?IdArticle=8404813 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45343 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45343 www.secnews.physaphae.fr/article.php?IdArticle=8404812 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5919 A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability. 2023-11-02T14:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5919 www.secnews.physaphae.fr/article.php?IdArticle=8404818 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-45332 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'deleted' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45332 www.secnews.physaphae.fr/article.php?IdArticle=8404801 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45334 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45334 www.secnews.physaphae.fr/article.php?IdArticle=8404803 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45329 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45329 www.secnews.physaphae.fr/article.php?IdArticle=8404798 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45333 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45333 www.secnews.physaphae.fr/article.php?IdArticle=8404802 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45342 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45342 www.secnews.physaphae.fr/article.php?IdArticle=8404811 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45341 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45341 www.secnews.physaphae.fr/article.php?IdArticle=8404810 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45331 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45331 www.secnews.physaphae.fr/article.php?IdArticle=8404800 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45335 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45335 www.secnews.physaphae.fr/article.php?IdArticle=8404804 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45336 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45336 www.secnews.physaphae.fr/article.php?IdArticle=8404805 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45337 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45337 www.secnews.physaphae.fr/article.php?IdArticle=8404806 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45339 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'type' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45339 www.secnews.physaphae.fr/article.php?IdArticle=8404808 False Vulnerability None None