Show filters
69 Total Results
Displaying 11-20 of 69
Sort by:
Attacker Value
Unknown
CVE-2023-48260
Disclosure Date: January 10, 2024 (last updated January 17, 2024)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
0
Attacker Value
Unknown
CVE-2023-48259
Disclosure Date: January 10, 2024 (last updated January 17, 2024)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
0
Attacker Value
Unknown
CVE-2023-48258
Disclosure Date: January 10, 2024 (last updated January 17, 2024)
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP
request through a victim’s session.
0
Attacker Value
Unknown
CVE-2023-48257
Disclosure Date: January 10, 2024 (last updated January 17, 2024)
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.
0
Attacker Value
Unknown
CVE-2023-48256
Disclosure Date: January 10, 2024 (last updated January 17, 2024)
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.
0
Attacker Value
Unknown
CVE-2023-48255
Disclosure Date: January 10, 2024 (last updated January 19, 2024)
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.
0
Attacker Value
Unknown
CVE-2023-48254
Disclosure Date: January 10, 2024 (last updated January 19, 2024)
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
0
Attacker Value
Unknown
CVE-2023-48253
Disclosure Date: January 10, 2024 (last updated January 18, 2024)
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.
By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
0
Attacker Value
Unknown
CVE-2023-48252
Disclosure Date: January 10, 2024 (last updated January 18, 2024)
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
0
Attacker Value
Unknown
CVE-2023-48251
Disclosure Date: January 10, 2024 (last updated January 18, 2024)
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
0
