Show filters
265,810 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2023-28699
Disclosure Date: June 11, 2023 (last updated June 02, 2023)
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.
0
Attacker Value
Unknown
CVE-2023-28705
Disclosure Date: June 09, 2023 (last updated June 02, 2023)
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
0
Attacker Value
Unknown
CVE-2023-24510
Disclosure Date: May 31, 2023 (last updated June 05, 2023)
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
0
Attacker Value
Unknown
CVE-2023-28704
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.
0
Attacker Value
Unknown
CVE-2023-25780
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
0
Attacker Value
Unknown
CVE-2023-28702
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
0
Attacker Value
Unknown
CVE-2023-28703
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
0
Attacker Value
Unknown
CVE-2023-28701
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.
0
Attacker Value
Unknown
CVE-2023-28700
Disclosure Date: May 30, 2023 (last updated June 02, 2023)
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
0
Attacker Value
Unknown
CVE-2023-0779
Disclosure Date: May 30, 2023 (last updated May 30, 2023)
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
0