7648 matches found
CVE-2023-39370
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
Cross site scripting
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370
CVE-2023-39370 affects StarTrinity Softswitch, specifically version 2023-02-16, with a Persistent XSS vulnerability (CWE-79) in the web UI. Root cause is improper handling of user-supplied input leading to script injection. Documented impact includes confidentiality and integrity concerns (per CV...
PT-2023-26899 · Startrinity · Startrinity Softswitch
Name of the Vulnerable Software and Affected Versions: StarTrinity Softswitch version 2023-02-16 Description: The issue is related to a Persistent XSS CWE-79 in StarTrinity Softswitch. Recommendations: For StarTrinity Softswitch version 2023-02-16, at the moment, there is no information about a...
Malicious code in emon-testt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc3e1ddd0c9bd0c6e361f9383435fa90d24ddfb9642622862818d1aecfe88d29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mmolecule-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a6a1f18648beba2a8938064ff1661d516c95d8940377de4bcd2f938360b9588 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Earth Estries Targets Government, Tech for Cyberespionage
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures TTPs employed, we observed overlaps with the advanced persistent threat APT group FamousSparrow as Earth Estries targets governments and...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
Input validation
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-23772
The CVE-2023-23772 issue concerns the Motorola MBTS Site Controller, where firmware update packages are not validated cryptographically. The root cause is lack of firmware update authenticity checks, enabling an authenticated attacker to potentially achieve arbitrary code execution, extract secre...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
Malicious code in fca-spbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a8ff7a08abab44b5a236e031340c492d901250c279d87f7078124850ecad03e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
User Registration And Login And User Management System 3.0 Cross Site Scripting
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...
User Registration & Login and User Management System v3.0 - XSS Vulnerability
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Versio...
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...