Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6420 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6419 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6418 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:19 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6417 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6416 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6415 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6414 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:17 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6413 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:17 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6412 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6411 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6410 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6136 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. Published: November 30, 2023; 9:15:14 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6027 |
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter. Published: November 30, 2023; 9:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6026 |
A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input. Published: November 30, 2023; 9:15:13 AM -0500 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-5966 |
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. Published: November 30, 2023; 9:15:13 AM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-5965 |
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. Published: November 30, 2023; 9:15:12 AM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-4770 |
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. Published: November 30, 2023; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-48964 |
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. Published: November 30, 2023; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48963 |
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. Published: November 30, 2023; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48914 |
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. Published: November 30, 2023; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |