Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5300: CV3Cyb3R/2023/TTSPlanning/TTSPlanning.md at main · CV3TR4CK/CV3Cyb3R

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

CVE
Open in Source
#sql#vulnerability#git
CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

CVE-2023-5298: cve/sql.md at main · szh0105/cve

A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability.

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability

GHSA-pp4w-g5p4-85p2: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-5jwv-m8h3-69cg: phpMyFaq Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-58v7-58c2-qwm9: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-r657-3wqh-g2x9: Microweber uses hard coded credentials

Use of Hard-coded Credentials in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of version 2.0.

GHSA-j5ww-5xf4-hqm2: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-qcjg-hvg6-hxcp: phpMyFAQ allows unrestricted file types in image field

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.