CVE List - 2023 / September
Showing 2101 - 2148 of 2148 CVEs for September 2023 (Page 22 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43704 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43705 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43706 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43707 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43708 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43709 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43710 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43711 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-5201 | 2023-09-30 | The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or... |
| CVE-2023-5295 | 2023-09-30 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping... |
| CVE-2023-5298 | 2023-09-30 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-5207 | 2023-09-30 | Execution with Unnecessary Privileges in GitLab |
| CVE-2023-5300 | 2023-09-30 | TTSPlanning sql injection |
| CVE-2023-5301 | 2023-09-30 | DedeCMS album_add.php AddMyAddon os command injection |
| CVE-2023-5302 | 2023-09-30 | SourceCodester Best Courier Management System Manage Account Page cross site scripting |
| CVE-2023-5303 | 2023-09-30 | Online Banquet Booking System Account Detail view-booking-detail.php cross site scripting |
| CVE-2023-5321 | 2023-09-30 | Missing Authorization in hamza417/inure |
| CVE-2023-5304 | 2023-09-30 | Online Banquet Booking System Service Booking book-services.php cross site scripting |
| CVE-2023-5305 | 2023-09-30 | Online Banquet Booking System Contact Us Page mail.php cross site scripting |
| CVE-2023-5313 | 2023-09-30 | phpkobo Ajax Poll Script ajax-poll.php improper enforcement of a single, unique action |
| CVE-2022-4956 | 2023-09-30 | Caphyon Advanced Installer WinSxS DLL uncontrolled search path |
| CVE-2023-43712 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43713 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43714 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43715 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43716 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43717 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43718 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43719 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43720 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43721 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43722 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43723 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43724 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43725 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43726 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43727 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43728 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43729 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43730 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43731 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43732 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43733 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43734 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43735 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-5111 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-5112 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |
| CVE-2023-43907 | 2023-10-01 | OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. |
| CVE-2023-5323 | 2023-10-01 | Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr |
| CVE-2023-5322 | 2023-10-01 | D-Link DAR-7000 edit_manageadmin.php sql injection |
| CVE-2023-4211 | 2023-10-01 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations |
| CVE-2023-5324 | 2023-10-01 | eeroOS Ethernet Interface denial of service |
| CVE-2023-5326 | 2023-10-01 | SATO CL4NX-J Plus WebConfig improper authentication |
| CVE-2023-5327 | 2023-10-01 | SATO CL4NX-J Plus path traversal |
| CVE-2023-5328 | 2023-10-01 | SATO CL4NX-J Plus Cookie improper authentication |
| CVE-2023-37605 | 2023-10-02 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. |
| CVE-2023-41580 | 2023-10-02 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and... |
| CVE-2023-43267 | 2023-10-02 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-43268 | 2023-10-02 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. |
| CVE-2023-43297 | 2023-10-02 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-43835 | 2023-10-02 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. |
| CVE-2023-43836 | 2023-10-02 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information |
| CVE-2023-43890 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. |
| CVE-2023-43891 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. |
| CVE-2023-43893 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. |
| CVE-2023-43980 | 2023-10-02 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. |
| CVE-2023-44008 | 2023-10-02 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. |
| CVE-2023-44009 | 2023-10-02 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. |
| CVE-2023-44011 | 2023-10-02 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. |
| CVE-2023-44012 | 2023-10-02 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. |
| CVE-2023-44463 | 2023-10-02 | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do... |
| CVE-2023-43361 | 2023-10-02 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. |
| CVE-2023-43892 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. |
| CVE-2023-5329 | 2023-10-02 | Field Logic DataCube4 Web API improper authentication |
| CVE-2023-20819 | 2023-10-02 | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2023-32819 | 2023-10-02 | In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32820 | 2023-10-02 | In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-32821 | 2023-10-02 | In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32822 | 2023-10-02 | In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32823 | 2023-10-02 | In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32824 | 2023-10-02 | In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-32826 | 2023-10-02 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32827 | 2023-10-02 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32828 | 2023-10-02 | In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32829 | 2023-10-02 | In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32830 | 2023-10-02 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-42132 | 2023-10-02 | FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be... |
| CVE-2023-41692 | 2023-10-02 | WordPress Attorney Theme <= 3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41728 | 2023-10-02 | WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41729 | 2023-10-02 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41731 | 2023-10-02 | WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41733 | 2023-10-02 | WordPress Back To The Top Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41734 | 2023-10-02 | WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41736 | 2023-10-02 | WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41737 | 2023-10-02 | WordPress Swifty Bar, sticky bar by WPGens Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44479 | 2023-10-02 | WordPress WP Jump Menu Plugin <= 3.6.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41797 | 2023-10-02 | WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41800 | 2023-10-02 | WordPress UniConsent Cookie Consent CMP for GDPR / CCPA Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41847 | 2023-10-02 | WordPress Notice Bar Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41855 | 2023-10-02 | WordPress Regpack Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |