The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.

CVE-2023-4922

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-49042: IOT_VULN/Tenda/AX1803/setSchedWifi.md at main · Anza2001/IOT_VULN

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.

CVE-2023-49040: IOT_VULN/Tenda/AX1803/form_fast_setting_internet_set.md at main · Anza2001/IOT_VULN

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.

CVE-2023-49047: IOT_VULN/Tenda/AX1803/formSetDeviceName.md at main · Anza2001/IOT_VULN

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

**Tenable Advisory ID:** TRA-2023-37

**Affected Products:**  
Arcserve UDP prior to 9.2

**Risk Factor:**  
Critical

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Try Tenable Nessus Professional Free**

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

**NEW - Tenable Nessus Expert  
Now Available**

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. **Click here to Try Nessus Expert.**

Fill out the form below to continue with a Nessus Pro Trial.

**Buy Tenable Nessus Professional**

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

**Try Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

**Buy Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable Lumin**

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable Security Center**

_Formerly Tenable.sc_

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable OT Security**

_Formerly Tenable.ot_

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable Identity Exposure**

_Formerly Tenable.ad_

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Request a Demo of Tenable Cloud Security**

_**Exceptional unified cloud security awaits you!**_

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable Attack Surface Management In Action**

_Formerly Tenable.asm_

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

**Try Tenable Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Tenable Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements**

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

CVE-2023-41999: Arcserve Unified Data Protection Multiple Vulnerabilities

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.

**absis**

Sistem Akademik KTSP/K13

Versi 0.000001 (yang mudeng cuman developernya aja)

Masih Versi Alpha, banyak bug sana-sini dan kode yang tidak rapi. Next Version -> Sudah menggunakan framework laravel

Step:

1.  Upload data backend di server php anda.
2.  Ada 2 database yg harus anda gunakan, yaitu master dan \[tiap tahun ajaran\] (https://github.com/smpn1smg/absis/smpn1smg\_2015.sql). Yang kami berikan berupa data dummy, agar bisa digunakan. Di github.com/smpn1smg/absis.
3.  Setting agar sistem ada di root (misal langsung di http://localhost/ bukan di http://localhost/absis/
4.  Setting username dan password MySQL di controller/config/config.php dan model/class/master.php

Login demo: demo.absis.co.id username: demo pass: demo

Daftar Fitur (baik yg sudah dan yg akan):

**Lisensi**

  
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Hal ini berarti:

*   **Share**: Anda bebas untuk menggunakan dan mendistribusikan materi-materi ini pada media dan bentuk apapun.
*   **Adapt**: Anda bebas untuk memodifikasi materi-materi ini pada penggunaannya.

Dengan ketentuan sebagai berikut:

*   **Attribution**: Apabila Anda menggunakan materi-materi ini, Anda harus memberikan _credit_ kepada **SMPN 1 Semarang**.
*   **NonCommercial**: Anda tidak boleh menggunakan materi-materi ini untuk keperluan komersial.
*   **ShareAlike**: Apabila Anda memodifikasi materi-materi ini, Anda harus mendistribusikannya kembali dengan lisensi yang sama. Hal ini dapat dilakukan dengan cara melakukan _fork_ repositori ini dan melakukan _commit_ modifikasi-modifikasi yang Anda lakukan di sana.

Untuk penjelasan lebih lanjut mengenai lisensi ini, silakan membuka tautan lisensi di atas.

CVE-2023-49029: GitHub - smpn1smg/absis: Sistem Akademik K13/KTSP Berbasis Web

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

CVE-2023-49043: IOT_VULN/Tenda/AX1803/fromSetWirelessRepeat.md at main · Anza2001/IOT_VULN

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

CVE-2023-49046: IOT_VULN/Tenda/AX1803/formAddMacfilterRule.md at main · Anza2001/IOT_VULN

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties.  A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-41257: TALOS-2023-1838 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Source

CVE