PT-2023-21848 · Unknown · Freewill Ifis
Name of the Vulnerable Software and Affected Versions: Freewill iFIS aka SMART Trade version 20.01.01.04 Description: The issue allows OS Command Injection via shell metacharacters to a report page. Recommendations: For Freewill iFIS aka SMART Trade version 20.01.01.04, consider restricting acces...
GHSA-JCR6-4FRQ-9GJJ Users vulnerable to unaligned read of `*const *const c_char` pointer
Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...
PT-2023-26771 · Unknown · Nbd80N32Ra-Kl-V3 +1
Name of the Vulnerable Software and Affected Versions: NBD80S09S-KLC version YK HZXM NBD80S09S-KLC V4.03.R11.7601.Nat.OnvifC.20230414.bin NBD80N32RA-KL-V3 version YK HZXM NBD80N32RA-KL V4.03.R11.7601.Nat.OnvifC.20220120.bin Description: A Buffer Overflow issue allows a remote attacker to cause a...
PT-2023-30859 · Ibos Oa · Ibos Oa
Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in IBOS OA, affecting an unknown part of the file ?r=dashboard/position/del. This issue leads to SQL injection and can be initiated remotely. The exploit has been disclosed to the...
PT-2023-8074 · Sourcecodester · Sourcecodester Simple Book Catalog App
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Book Catalog App version 1.0 Description: A vulnerability has been found in the Update Book Form component of the SourceCodester Simple Book Catalog App. The manipulation of the book title and book author arguments leads...
PT-2023-28372 · Zavio · Zavio Cf7500 +10
Name of the Vulnerable Software and Affected Versions: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 with firmware version M2.1.6.05 Description: The issue is related to a command injection vulnerability in the implementation of binaries and handlin...
PT-2023-30453 · Byzoro · Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform
Name of the Vulnerable Software and Affected Versions: Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230822 Description: A critical issue affects some unknown functionality of the file /importexport.php, leading to SQL injection. The attack can be...
PT-2023-27673 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version US AC6V1.0BR V15.03.05.16 multi TD01.bin Description: The issue is related to a Buffer Overflow that occurs via the function "initIpAddrInfo". This function reads in a user-provided parameter and passes the variable without...
PT-2023-8675 · Zbar +5 · Zbar +5
Name of the Vulnerable Software and Affected Versions: ZBar version 0.23.90 Description: A heap-based buffer overflow exists in the qr_reader_match_centers function. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this issue, an attacker c...
PT-2023-27019 · Audimexee · Audimexee
Name of the Vulnerable Software and Affected Versions: AudimexEE version 15.0 Description: The issue is related to multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are present in the Show Kai Data component. Cross-site scripting (XSS) is a type of security...
PT-2023-27616 · Phpjabbers · Phpjabbers Fundraising Script
Name of the Vulnerable Software and Affected Versions: PHPJabbers Fundraising Script version 1.0 Description: The issue is related to Cross-Site Scripting (XSS) via the action parameter of "index.php". This allows for potential malicious script execution. The estimated number of potentially affecte...
PT-2023-27465 · Maxon · Maxon Cinema 4D
Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this issue, where the target must...
PT-2023-5034 · Cisco · Cisco Fxos
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device,...
PT-2023-29100 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version EN V9.3.5u.6146 B20201023 Description: A critical issue was found, affecting the setDiagnosisCfg function, which leads to OS command injection. This can be initiated remotely. Recommendations: For TOTOLINK EX1200L...
PT-2023-29131 · Ruijie · Ruijie Rg-Ew1200G
Name of the Vulnerable Software and Affected Versions: Ruijie RG-EW1200G version 07161417 r483 Description: A critical issue affects some unknown functionality of the /api/sys/login API endpoint, leading to improper authentication. The attack can be launched remotely. The exploit has been disclos...
PT-2023-4468 · D Link · D-Link Dir-880L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-880 A1 FW107WWb08 Description: The issue is related to a NULL pointer dereference in the FUN_00010824 function. This can potentially allow a remote attacker to cause a denial of service. Recommendations: For D-Link DIR-880 A1...
PT-2023-26793 · Ntsc-Crt · Ntsc-Crt
Name of the Vulnerable Software and Affected Versions: NTSC-CRT version 2.2.1 Description: The issue is related to an integer overflow and out-of-bounds write in the loadBMP function in bmp_rw.c. This occurs because the file's width, height, and BPP are not validated. The vendor notes that the ma...
PT-2023-5519 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda A18 version V15.13.07.09 Description: The issue is related to a stack overflow in the formWifiBasicSet function, which can be triggered via the security parameter. This can potentially allow a remote attacker to cause a denial of servic...
PT-2023-7521 · Sierra Wireless · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the use of hardcoded credentials in the debugging mode of the ALEOS operating system for Sierra Wireless MP70, RV50x, RV55, LX40, LX60 ES450, GX450 wireless routers. When...
PT-2023-11542 · Unknown · Jbt Markdown Editor
Name of the Vulnerable Software and Affected Versions: jbt Markdown Editor versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the Rendering Engine of the jbt Markdown Editor. This vulnerability allows...