-
CVE-2023-37734
•
published on August 10, 2023
EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.
-
CVE-2023-38333
•
published on August 10, 2023
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
-
CVE-2023-38830
•
published on August 10, 2023
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
-
CVE-2023-39776
•
published on August 10, 2023
A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.
-
CVE-2023-39805
•
published on August 10, 2023
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
-
CVE-2023-39806
•
published on August 10, 2023
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
-
CVE-2023-40216
•
published on August 10, 2023
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
-
CVE-2023-40224
•
published on August 10, 2023
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
-
CVE-2023-40225
•
published on August 10, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
-
CVE-2023-40235
•
published on August 10, 2023
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.
-
CVE-2022-47636
•
published on August 10, 2023
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
-
CVE-2023-36309
•
published on August 10, 2023
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0.
-
CVE-2023-36310
•
published on August 10, 2023
There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.
-
CVE-2023-36311
•
published on August 10, 2023
There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.
-
CVE-2023-36314
•
published on August 10, 2023
There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.
-
CVE-2023-36312
•
published on August 10, 2023
There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.
-
CVE-2023-36313
•
published on August 10, 2023
PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".
-
CVE-2023-36315
•
published on August 10, 2023
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.
-
CVE-2023-37069
•
published on August 10, 2023
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.
-
CVE-2023-37543
•
published on August 10, 2023
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.