Hírolvasó

NVD: all CVE · 2023. február 3.

CVE-2021-36426

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36431

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36432

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36433

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36434

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36443

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
NVD: all CVE · 2023. február 3.

CVE-2021-36444

Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
NVD: all CVE · 2023. február 3.

CVE-2023-22975

jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).
SANS · 2023. február 3.

VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html, (Fri, Feb 3rd)

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
NVD: all CVE · 2023. február 3.

CVE-2023-24157

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
NVD: all CVE · 2023. február 3.

CVE-2023-24151

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
NVD: all CVE · 2023. február 3.

CVE-2023-24152

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
NVD: all CVE · 2023. február 3.

CVE-2023-24153

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
NVD: all CVE · 2023. február 3.

CVE-2023-24154

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
NVD: all CVE · 2023. február 3.

CVE-2023-24155

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.