Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-40868: GitHub - MinoTauro2020/CVE-2023-40868: Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Dea

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.

CVE
Open in Source
#csrf#vulnerability#web#git
CVE-2023-39638: dlink/dir-859/readme.md at main · mmmmmx1/dlink

D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.

CVE-2023-40869: GitHub - MinoTauro2020/CVE-2023-40869: Cross Site Scripting vulnerability in mooSocial mooSocial Software v.3.1.6 allows a remote attacker to execute arbitrary code via a crafted script to the edit_me

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.

CVE-2023-41156: Usermin-2.001/CVE-2023-41156 at main · shindeanik/Usermin-2.001

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

CVE-2023-41160: Usermin-2.001/CVE-2023-41160 at main · shindeanik/Usermin-2.001

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

CVE-2023-41159: Usermin-2.000/CVE-2023-41159 at main · shindeanik/Usermin-2.000

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.

CVE-2023-42362: GitHub - Mr-n0b3dy/CVE-2023-42362

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.

CVE-2023-41588: poc2/xss[Time to SLA].md at main · xsn1210/poc2

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.

CVE-2023-4702

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.

CVE-2023-32636: (CVE-2023-32636) fuzz_variant_text: Timeout in fuzz_variant_text (#2841) · Issues · GNOME / GLib · GitLab

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.