Lucene search

2426 matches found

CVE
added 2024/05/03 2:13 a.m. | 56 views

CVE-2023-42129

CVE-2023-42129 affects A10 Networks’ Thunder ADC; the vulnerability is in the ShowTechDownloadView class, caused by a lack of validation for a user-supplied path used in file operations. This directory traversal could allow an attacker to disclose sensitive information with authentication requir...

6.5 CVSS | 6.1 AI score | 0.02389 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/05/03 2:13 a.m. | 21 views

CVE-2023-42129 A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability

A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw...

6.5 CVSS | 6.1 AI score | 0.02389 EPSS
Exploits: 1 | References: 2

CVE
added 2024/05/03 2:13 a.m. | 52 views

CVE-2023-42130

The CVE-2023-42130 issue affects A10 Thunder ADC, specifically the FileMgmtExport class, where improper validation of a user-supplied path enables a directory traversal that can read and delete arbitrary files. The vulnerability context is authenticated use, with the impact described as read/dele...

8.8 CVSS | 8.2 AI score | 0.02066 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/05/03 2:13 a.m. | 53 views

CVE-2023-42120

CVE-2023-42120 affects Control Web Panel via the dns_zone_editor module, where improper validation of a user-supplied string before a system call enables remote code execution with root privileges. Impact is high (RCE, root, network exploit) and requires authentication to exploit. The entry is co...

8.8 CVSS | 9.1 AI score | 0.02126 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/03 2:12 a.m. | 26 views

CVE-2023-41227 D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8 CVSS | 7.3 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

CVE
added 2024/05/03 2:12 a.m. | 63 views

CVE-2023-41226

Summary of CVE-2023-41226 (D-Link DIR-3040): The vulnerability is a stack-based overflow in the prog.cgi binary that handles HNAP requests to the lighttpd webserver (ports 80/443). Lack of proper validation of a user-supplied string allows a network-adjacent attacker to trigger a remote code exec...

6.8 CVSS | 7.2 AI score | 0.00705 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/05/03 2:12 a.m. | 21 views

CVE-2023-41223 D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8 CVSS | 7.8 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

CVE
added 2024/05/03 2:12 a.m. | 61 views

CVE-2023-41223

D-Link DIR-3040: prog.cgi SetQuickVPNSettings PSK stack-based buffer overflow allows network-adjacent attackers to execute code with root privileges via HNAP requests to lighttpd on ports 80/443. Root cause: improper validation/copy to a fixed-size stack buffer in the PSK handling. Affected versi...

6.8 CVSS | 7.2 AI score | 0.00705 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/05/03 2:12 a.m. | 31 views

CVE-2023-41220 D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8 CVSS | 7.3 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

CVE
added 2024/05/03 2:12 a.m. | 63 views

CVE-2023-41218

The CVE-2023-41218 entry details a stack-based buffer overflow in D-Link DIR-3040 Prog.cgi (SetWan3Settings) vulnerable when processing HNAP requests to the lighttpd webserver on ports 80/443. The flaw stems from insufficient validation of a user-supplied string copied into a fixed-size stack buf...

6.8 CVSS | 7.2 AI score | 0.00705 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/05/03 2:11 a.m. | 53 views

CVE-2023-40507

The provided sources confirm a concrete vulnerability in LG Simple Editor: an XML External Entity (XXE) handling flaw in the copyContent command. A crafted document with a URI causes the XML parser to fetch the URI and embed its contents back into the XML, allowing a remote attacker to disclose i...

7.5 CVSS | 7.2 AI score | 0.01271 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/05/03 2:11 a.m. | 11 views

CVE-2023-40493 LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability

LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 9.9 AI score | 0.02388 EPSS
Exploits: 0 | References: 1

CVE
added 2024/05/03 2:10 a.m. | 69 views

CVE-2023-39473

The CVE-2023-39473 entry concerns Inductive Automation Ignition's AbstractGatewayFunction deserialization vulnerability. The flaw stems from insufficient validation of user-supplied data, enabling deserialization of untrusted input and remote code execution. Exploitation requires authentication a...

8.8 CVSS | 9.1 AI score | 0.58828 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/03 1:59 a.m. | 32 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2 CVSS | 7.7 AI score | 0.5582 EPSS
Exploits: 0 | References: 2

CVE
added 2024/05/03 1:57 a.m. | 63 views

CVE-2023-35728

CVE-2023-35728 affects D-Link DAP-2622 routers. The root cause is a stack-based buffer overflow in the DDP service caused by inadequate validation of user-supplied data length before copying to a fixed-length stack buffer. This leads to remote code execution in the root context with network-adjac...

8.8 CVSS | 9.1 AI score | 0.00855 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/05/03 1:56 a.m. | 60 views

CVE-2023-27361

Summary: CVE-2023-27361 affects NETGEAR RAX30 with a JSON parsing vulnerability in the rex_cgi component, causing a stack-based buffer overflow that can lead to remote code execution in the context of root. The flaw stems from insufficient validation of user-supplied JSON data length before copyi...

8 CVSS | 7.2 AI score | 0.00856 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/05/03 1:55 a.m. | 49 views

CVE-2023-27333

CVE-2023-27333 concerns TP-Link Archer AX21 routers. The vulnerability is a stack-based buffer overflow in the tmpServer service when handling command 0x422, caused by improper validation of user-supplied data length copying into a fixed-length stack buffer. Exploitation could allow remote code e...

6.8 CVSS | 7.2 AI score | 0.00738 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/05/03 1:25 a.m. | 28 views

CVE-2023-41222 D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

6.8 CVSS | 7.8 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

Patchstack
added 2024/05/02 2:35 a.m. | 4 views

WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin Follow Us Badges versions <= 3.1.10...

6.4 CVSS | 5.8 AI score | 0.00324 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/05/02 12:15 a.m. | 3 views

CVE-2023-51631

D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerabilit...

6.8 CVSS | 6.3 AI score | 0.01023 EPSS
Exploits: 0 | References: 2