16591 matches found
CVE-2023-48258
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session...
CVE-2023-48258
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session...
CVE-2023-48256
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-48256
The CVE-2023-48256 entry concerns Bosch Nexo Cordless Nutrunner and related components. The root cause is insufficient handling of CRLF sequences in HTTP headers, which allows a remote attacker to inject arbitrary HTTP response headers or manipulate the HTTP response body within a victim’s sessio...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48254
The CVE-2023-48254 entry describes a vulnerability where a remote attacker can inject and execute arbitrary client-side script inside a victim session via a crafted URL or HTTP request. Multiple connected sources corroborate this client-side script execution risk, with the core issue centered on ...
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
CVE-2023-48252
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests...
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48247
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48244
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Cross site request forgery (csrf)
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
Design/Logic Flaw
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...