CVE-2023-2622
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read...
Hitachi Energy MACH System Software Security Vulnerability
Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software that originates in the McFeeder server that allows an authenticated attacker to read arbitrary files on the...
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Resetting a sub-account's guard manually from the Main Console can potentially lead to a permanent denial of service (DoS) for that sub-account.
Impact: If the Main Console resets the guard, resets the fallback handler, or disables itself as a module of a sub-account, the executors will permanently cease executing any transactions on that sub-account. And also if the Main Console resets the fallback...
Protocol's invariants can be broken
Impact: Due to insufficient input validation to the inputs of the external function "deploySubAccount" in the SafeDeployer.sol contract, a malicious subAccount wallet can be imported, registered and then take control over other subAccounts. This can cause many...
RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05345)
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code in the Main Menu Items of the Administration Menu via a specially crafted payload...
SUSE CVE-2023-42669
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
UBUNTU-CVE-2023-42669
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
Improper Authorization
GitLab is vulnerable to Improper Authorization. An attacker can create repositories with malicious code by exploiting a vulnerability in the main branch of a repository with a specially designed name...
CVE-2023-5266
A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tagsmain.php. The manipulation of the argument ids leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2023-5257 WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the...
PT-2023-31987 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2 Description: A critical vulnerability was found in DedeBIZ, affecting an unknown part of the file /src/admin/tags main.php. The manipulation of the ids argument leads to SQL injection. It is possible to initiate the attack...
CVE-2023-43878
Rite CMS 3.0 has multiple cross-site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...
Cross site scripting
Rite CMS 3.0 has multiple cross-site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...
PT-2023-29023 · Ritecms · Ritecms
Name of the Vulnerable Software and Affected Versions: Rite CMS version 3.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. This is a result of multiple cross-site scripting (XSS) vulnerabilities...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is a website CMS. A cross-site scripting vulnerability exists in RiteCMS version 3.0. An attacker can exploit this vulnerability to execute arbitrary code in the Main Menu Items of the Administration Menu via a specially crafted payload...
CVE-2023-42807
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app...
The vulnerability of the phpcgi_main() function in D-Link DIR-645 router firmware allows attackers to bypass security restrictions and gain increased privileges.
The vulnerability of the phpcgi_main() function in D-Link DIR-645 router firmware is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and gain increased privileges...
CVE-2023-40956
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in the controllers/main.py component...