Show filters
265,810 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2023-28699

Disclosure Date: June 11, 2023 (last updated June 02, 2023)
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.
0
Attacker Value
Unknown

CVE-2023-28705

Disclosure Date: June 09, 2023 (last updated June 02, 2023)
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
0
Attacker Value
Unknown

CVE-2023-24510

Disclosure Date: May 31, 2023 (last updated June 05, 2023)
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
0
Attacker Value
Unknown

CVE-2023-28704

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.
0
Attacker Value
Unknown

CVE-2023-25780

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
0
Attacker Value
Unknown

CVE-2023-28702

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
0
Attacker Value
Unknown

CVE-2023-28703

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
0
Attacker Value
Unknown

CVE-2023-28701

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.
0
Attacker Value
Unknown

CVE-2023-28700

Disclosure Date: May 30, 2023 (last updated June 02, 2023)
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
0
Attacker Value
Unknown

CVE-2023-0779

Disclosure Date: May 30, 2023 (last updated May 30, 2023)
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
0