CVE-2023-38863

CVE-2023-38863 affects COMFAST CF-XR11 firmware v2.7.2. The vulnerability is a code execution path in bin/webmgnt, exploitable via ifname and mac parameters in the sub_410074 function. Connected documents confirm the affected product and vulnerability details; cited remediation guidance is limite...

Ubuntu: Security Advisory (USN-6283-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-JP5R-4X9Q-4VCF xuxueli xxl-job Cross-Site Request Forgery Vulnerability

Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...

CVE-2020-24922

Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...

Buffer overflow

Buffer Overflow vulnerability in jfifdecode function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN...

CVE-2020-28848

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVE-2023-30688

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code...

Stack overflow

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code...

CVE-2023-30686

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code...

CVE-2023-39437

Affected product: SAP Business One, version 10.0. Vulnerability: Cross-site scripting (XSS) via injection of malicious code into web page or application content delivered to the client. Root cause (as described): content rendering/input handling allows execution of injected script. Impact: as des...

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

CVE-2023-36220

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

Suprema BioStar 2 SQL Injection Vulnerability

Suprema BioStar 2 is a web-based biometric security smart locking platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 versions prior to V2.9.1 that originates from allowing an authenticated user to inject arbitrary SQL commands and execute arbitrary SQL commands...

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

Design/Logic Flaw

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

CVE-2022-39986

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...