
3094 matches found

OSV
added 2023/12/31 2:15 p.m. · 3 views

CVE-2023-7187

A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. Th...

8.8 CVSS · 6.6 AI score · 0.00709 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2023/12/29 3:15 p.m. · 3 views

CVE-2023-4675

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

9.8 CVSS · 7.3 AI score · 0.00527 EPSS
Exploits: 0 · References: 3
OSV
added 2023/12/22 11:6 a.m. · 2 views

OESA-2023-1958 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...

5.3 CVSS · 6.9 AI score · 0.01133 EPSS
Exploits: 1 · References: 2
GithubExploit
added 2023/12/20 2:36 p.m. · 34 views

Exploit for Cross-site Scripting in Openkm

CVE-2023-50072 A stored cross-site scripting (XSS) vulnerabil...

5.4 CVSS · 6.2 AI score · 0.00618 EPSS
Exploits: 2
Positive Technologies
added 2023/12/20 12:0 a.m. · 7 views

PT-2023-8008 · Openkm · Openkm

Name of the Vulnerable Software and Affected Versions: OpenKM version 7.1.40 Description: A Stored Cross-Site Scripting (XSS) issue exists that allows an authenticated user to upload a note on a file, which acts as a stored XSS payload. Any user who opens the note of a document file will trigger th...

9 CVSS · 5.5 AI score · 0.00618 EPSS
Exploits: 2 · References: 8
ATTACKERKB
added 2023/12/07 1:15 p.m. · 3 views

CVE-2023-49955

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing...

7.5 CVSS · 7.1 AI score · 0.00713 EPSS
Exploits: 1 · References: 2
AlpineLinux
added 2023/12/04 3:15 p.m. · 15 views

CVE-2023-48866

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shoppinglists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies...

4.9 CVSS · 5.9 AI score · 0.00692 EPSS
Exploits: 0
ATTACKERKB
added 2023/11/22 6:15 p.m. · 2 views

CVE-2023-47014

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

6.5 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits: 2 · References: 2
OSV
added 2023/11/22 6:15 p.m. · 4 views

CVE-2023-47014

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

6.5 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2023/11/22 12:0 a.m. · 6 views

PT-2023-7576 · Unknown · Sticky Notes App Using Php With Source Code

Name of the Vulnerable Software and Affected Versions: Sticky Notes App Using PHP with Source Code version 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to gain access to confidential information...

7.8 CVSS · 6.8 AI score · 0.00342 EPSS
Exploits: 2 · References: 6
Code423n4
added 2023/11/17 12:0 a.m. · 11 views

asD.sol::mint & asDFactory.sol::create allows an attacker to mint legitimate aSD with counterfeit underlying $NOTE

Lines of code Vulnerability details Impact When creating an aSD token using create from the asDFactory.sol, there's the cNote address reference to specify and set. A malicious user can deploy a counterfeit NOTE underlying token that isn't legit or backed by anything and set/reference it as...

6.9 AI score
Exploits: 0
Code423n4
added 2023/11/17 12:0 a.m. · 7 views

The Invariant can be broken as 1 NOTE does not always equal to 1 cNOTE.

Lines of code Vulnerability details Impact users will not be able to redeem their asD tokens for equivalent amount of NOTE because when minting cNOTE, 1 cNOTE doesn't always equal 1 NOTE. Link to site here as of when the image above was taken, you needed exactly 1.0042 NOTES to be able to get 1...

6.8 AI score
Exploits: 0
BDU FSTEC
added 2023/11/14 12:0 a.m. · 2 views

The vulnerability in the `print_gnu_property_note` function of the `readelf.c` component of the GNU Binutils development environment allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the `print_gnu_property_note` function in the `readelf.c` component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10 CVSS · 6.9 AI score · 0.02201 EPSS
Exploits: 1 · References: 7 · Affected Software: 2
GithubExploit
added 2023/11/13 5:7 p.m. · 50 views

Exploit for Classic Buffer Overflow in Apple Ipados

vulnerabilidad-LibWebP-CVE-2023-41064 longitudes de código par...

7.8 CVSS · 7 AI score · 0.15263 EPSS
Exploits: 2
Rapid7 Blog
added 2023/11/01 6:32 p.m. · 129 views

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...

7.5 CVSS · 7.1 AI score · 0.99654 EPSS
Exploits: 31
OSV
added 2023/10/26 5:15 p.m. · 2 views

CVE-2023-5792

A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been...

9.8 CVSS · 5.8 AI score · 0.00649 EPSS
Exploits: 1 · References: 3
OSV
added 2023/10/26 5:15 p.m. · 3 views

CVE-2023-5791

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS · 4 AI score · 0.00505 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/10/26 1:1 a.m. · 1 views

SUSE CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5 CVSS · 6.9 AI score · 0.03332 EPSS
Exploits: 0 · References: 5
CNNVD
added 2023/10/26 12:0 a.m. · 5 views

SourceCodester Sticky Notes SQL Injection Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a SQL injection vulnerability in the parameter note in the file endpoint/delete-note.php...

9.8 CVSS · 8 AI score · 0.00649 EPSS
Exploits: 1 · References: 4
CNNVD
added 2023/10/26 12:0 a.m. · 3 views

SourceCodester Sticky Notes Cross-Site Scripting Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a cross-site scripting (XSS) vulnerability in the parameters noteTitle/noteContent in the file endpoint/add-note.php...

6.1 CVSS · 5.9 AI score · 0.00505 EPSS
Exploits: 1 · References: 4