2061
|
9.8 |
CRITICAL
Network
icmsdev
|
icms
|
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
|
CWE-384
Session Fixation
|
CVE-2023-42322
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2062
|
5.4 |
MEDIUM
Network
|
digitaldruid
|
hoteldruid
|
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t…
|
CWE-89
SQL Injection
|
CVE-2023-43377
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2063
|
5.4 |
MEDIUM
Network
|
digitaldruid
|
hoteldruid
|
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipota…
|
CWE-79
Cross-site Scripting
|
CVE-2023-43376
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2064
|
9.8 |
CRITICAL
Network
digitaldruid
|
hoteldruid
|
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, …
|
CWE-89
SQL Injection
|
CVE-2023-43375
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2065
|
9.8 |
CRITICAL
Network
digitaldruid
|
hoteldruid
|
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
|
CWE-89
SQL Injection
|
CVE-2023-43374
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2066
|
9.8 |
CRITICAL
Network
digitaldruid
|
hoteldruid
|
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
|
CWE-89
SQL Injection
|
CVE-2023-43373
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2067
|
9.8 |
CRITICAL
Network
digitaldruid
|
hoteldruid
|
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
|
CWE-89
SQL Injection
|
CVE-2023-43371
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2068
|
8.1 |
HIGH
Network
|
jenkins
|
jenkins
|
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permiss…
|
NVD-CWE-noinfo
|
CVE-2023-43498
|
2024-09-25 10:36 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2069
|
9.8 |
CRITICAL
Network
dlink
|
dwl-6610ap_firmware
|
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands …
|
CWE-77
Command Injection
|
CVE-2023-43207
|
2024-09-25 10:36 |
2023-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2070
|
9.8 |
CRITICAL
Network
dlink
|
dwl-6610ap_firmware
|
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary comma…
|
CWE-77
Command Injection
|
CVE-2023-43206
|
2024-09-25 10:36 |
2023-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|