CyberAlerts

CVE-2023-33336

Description: Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-33298

Description: com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-33277

Description: The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.

CVSS: LOW (0.0)

EPSS Score: 0.48%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-3311

PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting

Description: A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. Es wurde eine problematische Schwachstelle in PuneethReddyHC online-shopping-system-advanced 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei addsuppliers.php. Durch Manipulation des Arguments First name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.4)

EPSS Score: 0.08%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32728

Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

Description: The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

CVSS: MEDIUM (4.6)

EPSS Score: 0.24%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32623

Description: Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.

CVSS: LOW (0.0)

EPSS Score: 0.22%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32612

Description: Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32224

D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts

Description: D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: CRITICAL (9.8)

EPSS Score: 0.11%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32223

D-Link DSL-224 firmware version 3.0.10 post authentication command execution

Description: D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2023-32222

D-Link DSL-G256DG firmware version vBZ_1.00.27 Authentication Bypass

Description: D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.

CVSS: CRITICAL (9.8)

EPSS Score: 0.16%

Source: CVE

November 28th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: