2341
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web…
|
CWE-79 CWE-116
Cross-site Scripting Improper Encoding or Escaping of Output
|
CVE-2024-7873
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2342
|
- |
|
-
|
-
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
|
-
|
CVE-2024-46362
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2343
|
- |
|
-
|
-
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
|
-
|
CVE-2024-46085
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2344
|
- |
|
-
|
-
|
On Windows systems, the Arc configuration files were found to be world-readable.
This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration fil…
|
-
|
CVE-2023-5937
|
2024-09-20 21:15 |
2024-05-16 |
|
|
2345
|
- |
|
-
|
-
|
Audit records for OpenAPI requests may include sensitive information.
This could lead to unauthorized accesses and privilege escalation.
|
-
|
CVE-2023-6916
|
2024-09-20 21:15 |
2024-04-11 |
|
|
2346
|
7.5 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain assets data witho…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-5253
|
2024-09-20 21:15 |
2024-01-15 |
|
|
|
2347
|
4.3 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will b…
|
NVD-CWE-noinfo
|
CVE-2023-24015
|
2024-09-20 21:15 |
2023-08-09 |
|
|
2348
|
4.9 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return …
|
NVD-CWE-noinfo
|
CVE-2023-23903
|
2024-09-20 21:15 |
2023-08-09 |
|
|
2349
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and …
|
CWE-79
Cross-site Scripting
|
CVE-2023-22843
|
2024-09-20 21:15 |
2023-08-09 |
|
|
2350
|
6.5 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statement…
|
CWE-89
SQL Injection
|
CVE-2023-22378
|
2024-09-20 21:15 |
2023-08-09 |
|
|