PT-2023-29853 · Apereo · Apereo Cas
Name of the Vulnerable Software and Affected Versions: Apereo CAS versions through 7.0.0-RC7 Description: The issue is related to an Improper Authentication vulnerability in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method, which allows Multi-Factor Authentication bypass. There is...
PT-2023-7246 · Asus · Asus Rt-Ac87U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC87U all versions Description: An improper access control issue exists, related to the implementation of the TFTP protocol, allowing an attacker to read or write files not intended for access. This can be achieved by connecting to th...
PT-2023-30228 · E-Tax · E-Tax
Name of the Vulnerable Software and Affected Versions: e-Tax software versions 3.0.10 and earlier Description: The issue is related to the improper restriction of XML external entity references XXE in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker ...
PT-2023-29990 · Loytec · Linx Configurator +7
Name of the Vulnerable Software and Affected Versions: LOYTEC LINX-151 affected versions not specified LOYTEC LINX-212 version 6.2.4 LOYTEC LVIS-3ME12-A1 version 6.2.2 LOYTEC LIOB-586 version 6.2.3 LOYTEC LIOB-580 V2 affected versions not specified LOYTEC LIOB-588 affected versions not specified...
CVE-2023-3277
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...
PT-2023-30278 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR1200GB version 9.1.0u.6619 B20230130 Description: A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access. Recommendations: F...
Code injection
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of the time of publication, no known patched versions are available...
PT-2023-29794 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: An issue in the software allows an attacker to execute arbitrary commands via the admin safe.php component. Recommendations: For SeaCMS version 12.9, consider disabling access to the admin safe.php component...
PT-2023-8375 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0 Description: The issue is related to the use of hard-coded credentials, such as a password or cryptographic key, in IBM Security Verify Governance. This could allow a remote attacker to disclose...
PT-2023-28802 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. This enables the attacker to perform...
PT-2023-25755 · Totolink · Totolink Cp300+
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ versions = V5.2cu.7594 B20200910 Description: A stack overflow issue was discovered in the UploadCustomModule function via the File parameter. Recommendations: For TOTOLINK CP300+ versions = V5.2cu.7594 B20200910, consider...
PT-2023-32194 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.2.0 Description: A vulnerability has been found in the Personal Profile Page component of ZZZCMS, which affects some unknown processing and leads to basic cross-site scripting. The attack may be initiated remotely. The exploi...
PT-2023-31968 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2023.2.8.0 and earlier Description: The issue is related to improper access control in PAM propagation scripts, allowing an attacker with permission to manage these scripts to retrieve stored passwords via a GET...
PT-2023-26610 · Inspect Element · Echo.Ac
Name of the Vulnerable Software and Affected Versions: Inspect Element Ltd Echo.ac version 5.2.1.0 Description: An issue in Inspect Element Ltd Echo.ac allows a local attacker to gain privileges via a crafted command to the echo driver.sys component. This issue has been reportedly used by various...
PT-2023-32129 · Beijing Baichuo · Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform
Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 Description: A critical vulnerability was found in the Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent...
PT-2023-32046 · Sato · Sato Cl4Nx-J Plus
Name of the Vulnerable Software and Affected Versions: SATO CL4NX-J Plus version 1.13.2-u455 r2 Description: A vulnerability was found in the SATO CL4NX-J Plus, affecting some unknown functionality of the file /rest/dir/. The manipulation of the full argument leads to path traversal. The attack...
PT-2023-31941 · Unknown · Himitzh Hoj
Name of the Vulnerable Software and Affected Versions: HimitZH HOJ versions up to 4.6-9a65e3f Description: A critical issue has been found in the Topic Handler component, leading to a sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
PT-2023-5375 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 Description: The issue is related to a stack overflow in the setMAC function of the D-Link DIR-816 A2 router's firmware, which can be triggered via the macCloneMac parameter. This can potentially allow a...
PT-2023-26849 · Dell · Dell Emc Scg Policy Manager
Name of the Vulnerable Software and Affected Versions: Dell SCG Policy Manager version 5.16.00.14 Description: The issue concerns a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing Man-in-the-Middle MitM...
PT-2023-28639 · Frauscher Sensortechnik Gmbh · Fds101
Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi versions 1.4.24 and all previous versions Description: The issue is related to a SQL injection vulnerability that can be exploited via manipulated parameters of the web interface without...