Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-23424 |
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution Published: December 28, 2023; 10:15:08 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7146 |
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. Published: December 28, 2023; 9:15:45 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7145 |
A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. Published: December 28, 2023; 9:15:45 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-31301 |
Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. Published: December 28, 2023; 9:15:45 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-31298 |
Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. Published: December 28, 2023; 9:15:45 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-31292 |
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-23436 |
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-23435 |
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-23434 |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-23433 |
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-23432 |
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Published: December 28, 2023; 9:15:44 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-23431 |
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Published: December 28, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-7144 |
A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. Published: December 28, 2023; 8:15:44 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7143 |
A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. Published: December 28, 2023; 8:15:43 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-7142 |
A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. Published: December 28, 2023; 7:15:50 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7141 |
A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. Published: December 28, 2023; 7:15:50 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-52085 |
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. Published: December 28, 2023; 7:15:50 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-50104 |
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. Published: December 28, 2023; 7:15:50 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7140 |
A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143. Published: December 28, 2023; 6:15:44 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-7139 |
A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability. Published: December 28, 2023; 6:15:44 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |