Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-39681: GitHub - yanbochen97/CuppaCMS_RCE: An Unauthorized attacker can execute arbitrary php code leading to unauthorized remote code execution

Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.

CVE
Open in Source
#vulnerability#js#git#php#rce#pdf#auth#ssl
CVE-2023-40918: [Escalation of Privileges] Unauthorized users can create a new user with admin role · Issue #1128 · didi/KnowStreaming

KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role.

CVE-2023-34998: TALOS-2023-1770 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.

CVE-2023-32271: TALOS-2023-1774 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-34317: TALOS-2023-1772 || Cisco Talos Intelligence Group

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-31242: TALOS-2023-1769 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-32615: TALOS-2023-1771 || Cisco Talos Intelligence Group

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-3375

Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.

CVE-2023-34994: TALOS-2023-1773 || Cisco Talos Intelligence Group

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-35124: TALOS-2023-1775 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.