Month: August 2023

FRRouting FRR denial of service | CVE-2023-41358

August 30, 2023

NAME__________FRRouting FRR denial of servicePlatforms Affected:FRRouting FRRouting 9.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________FRRouting FRR is vulnerable to a denial of service,...

FreeImage denial of service | CVE-2021-40264

August 30, 2023

NAME__________FreeImage denial of servicePlatforms Affected:FreeImage Project FreeImage 1.18.0Risk Level:6.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________FreeImage is vulnerable to a denial of...

Pylons Pyramid directory traversal | CVE-2023-40587

August 30, 2023

NAME__________Pylons Pyramid directory traversalPlatforms Affected:Pylons Pyramid 2.0.0 Pylons Pyramid 2.0.1Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Pylons Pyramid could allow a remote attacker to...

PHPJabbers Callback Widget preview.php cross-site scripting | CVE-2023-40755

August 30, 2023

NAME__________PHPJabbers Callback Widget preview.php cross-site scriptingPlatforms Affected:PHPJabbers Callback Widget 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Callback Widget is vulnerable to cross-site scripting,...

PHPJabbers Make an Offer Widget index.php cross-site scripting | CVE-2023-40752

August 30, 2023

NAME__________PHPJabbers Make an Offer Widget index.php cross-site scriptingPlatforms Affected:PHPJabbers Make an Offer Widget 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Make an Offer...

PHPJabbers Fundraising Script index.php cross-site scripting | CVE-2023-40751

August 30, 2023

NAME__________PHPJabbers Fundraising Script index.php cross-site scriptingPlatforms Affected:PHPJabbers Fundraising Script 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Fundraising Script is vulnerable to cross-site scripting,...

Sourcecodester Online Graduate Tracer System SQL injection | CVE-2023-4556

August 30, 2023

NAME__________Sourcecodester Online Graduate Tracer System SQL injectionPlatforms Affected:Sourcecodester Online Graduate Tracer System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Sourcecodester Online Graduate Tracer System...

PHPJabbers Yacht Listing Script index.php cross-site scripting | CVE-2023-40750

August 30, 2023

NAME__________PHPJabbers Yacht Listing Script index.php cross-site scriptingPlatforms Affected:PHPJabbers Yacht Listing Script 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Yacht Listing Script is vulnerable...

PHPJabbers Ticket Support Script index.php cross-site scripting | CVE-2023-40753

August 30, 2023

NAME__________PHPJabbers Ticket Support Script index.php cross-site scriptingPlatforms Affected:PHPJabbers Ticket Support Script 3.2Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPJabbers Ticket Support Script is vulnerable...

FreeImage denial of service | CVE-2021-40266

August 30, 2023

GitPython code execution | CVE-2023-40590

August 30, 2023

NAME__________GitPython code executionPlatforms Affected:GitPython GitPython 3.1.32Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GitPython could allow a remote attacker to execute arbitrary code on the...

Tenda AX3 denial of service | CVE-2023-40915

August 30, 2023

NAME__________Tenda AX3 denial of servicePlatforms Affected:Tenda AX3 16.03.12.11Risk Level:7.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________Tenda AX3 is vulnerable to a denial...

Sourcecodester Inventory Management System SQL injection | CVE-2023-4558

August 30, 2023

NAME__________Sourcecodester Inventory Management System SQL injectionPlatforms Affected:Sourcecodester Inventory Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Sourcecodester Inventory Management System is vulnerable to...

Linux Kernel information disclosure | CVE-2023-4569

August 30, 2023

NAME__________Linux Kernel information disclosurePlatforms Affected:Linux KernelRisk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Linux Kernel could allow a local authenticated attacker to obtain sensitive information,...

SPA-Cart eCommerce CMS SQL injection | CVE-2023-4548

August 30, 2023

NAME__________SPA-Cart eCommerce CMS SQL injectionPlatforms Affected:SPA-Cart eCommerce CMS 1.9.0.3Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________SPA-Cart eCommerce CMS is vulnerable to SQL injection. A...

Busybox code execution | CVE-2023-39810

August 30, 2023

NAME__________Busybox code executionPlatforms Affected:Busybox BusyboxRisk Level:6.1Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Busybox could allow a local attacker to traverse directories on the system. An...

GPAC denial of service | CVE-2023-39562

August 30, 2023

NAME__________GPAC denial of servicePlatforms Affected:GPAC GPAC 2.3-DEV-rev381-g817a848f6-masterRisk Level:5.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________GPAC is vulnerable to a denial of service,...

Sourcecodester Inventory Management System cross-site scripting | CVE-2023-4555

August 30, 2023

NAME__________Sourcecodester Inventory Management System cross-site scriptingPlatforms Affected:Sourcecodester Inventory Management System 1.0Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sourcecodester Inventory Management System is vulnerable to...

SPA-Cart eCommerce CMS cross-site scripting | CVE-2023-4547

August 30, 2023

NAME__________SPA-Cart eCommerce CMS cross-site scriptingPlatforms Affected:SPA-Cart eCommerce CMS 1.9.0.3Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SPA-Cart eCommerce CMS is vulnerable to cross-site scripting, caused...

Month: August 2023

FRRouting FRR denial of service | CVE-2023-41358

FreeImage denial of service | CVE-2021-40264

Pylons Pyramid directory traversal | CVE-2023-40587

PHPJabbers Callback Widget preview.php cross-site scripting | CVE-2023-40755

PHPJabbers Make an Offer Widget index.php cross-site scripting | CVE-2023-40752

PHPJabbers Fundraising Script index.php cross-site scripting | CVE-2023-40751

Sourcecodester Online Graduate Tracer System SQL injection | CVE-2023-4556

PHPJabbers Yacht Listing Script index.php cross-site scripting | CVE-2023-40750

PHPJabbers Ticket Support Script index.php cross-site scripting | CVE-2023-40753

FreeImage denial of service | CVE-2021-40266

GitPython code execution | CVE-2023-40590

Tenda AX3 denial of service | CVE-2023-40915

Sourcecodester Inventory Management System SQL injection | CVE-2023-4558

Linux Kernel information disclosure | CVE-2023-4569

SPA-Cart eCommerce CMS SQL injection | CVE-2023-4548

Busybox code execution | CVE-2023-39810

GPAC denial of service | CVE-2023-39562

Sourcecodester Inventory Management System cross-site scripting | CVE-2023-4555

SPA-Cart eCommerce CMS cross-site scripting | CVE-2023-4547

Zoho ManageEngine products security bypass | CVE-2023-35785

Mozilla Firefox denial of service | CVE-2023-4578

Mozilla Firefox denial of service | CVE-2023-4574

Mozilla Firefox security bypass | CVE-2023-4583

DjVuLibre denial of service | CVE-2021-46310

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

CISA: CISA Releases Seven Industrial Control Systems Advisories

CISA: CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

[RANSOMHUB] – Ransomware Victim: www[.]damcapital[.]in

You may have missed