TROYANOSYVIRUS

Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 333,242 CVEs
CVE IDCVSSSeveriteKEVObservations
CVE-2023-43206

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary comman...

9.8CRITICAL0
CVE-2015-0311

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute ...

9.8CRITICALKEV0
CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via ...

9.8CRITICAL0
CVE-2023-43207

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands v...

9.8CRITICAL0
CVE-2023-43200

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.

9.8CRITICAL0
CVE-2023-41636

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.

9.8CRITICAL0
CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.

9.8CRITICAL0
CVE-2023-5521

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

9.8CRITICAL0
CVE-2023-35681

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges ne...

9.8CRITICAL0
CVE-2023-45984

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

9.8CRITICAL0
CVE-2023-42464

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dic...

9.8CRITICAL0
CVE-2022-47583

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

9.8CRITICAL0
CVE-2023-44105

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

9.8CRITICAL0
CVE-2023-44116

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

9.8CRITICAL0
CVE-2023-35803

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

9.8CRITICAL0
CVE-2023-44166

The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CRITICAL0
CVE-2023-24479

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacke...

9.8CRITICAL0
CVE-2023-35646

In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not...

9.8CRITICAL0
CVE-2023-35647

In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas...

9.8CRITICAL0
CVE-2023-35648

In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas...

9.8CRITICAL0
CVE-2023-46007

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

9.8CRITICAL0
CVE-2023-32244

Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.

9.8CRITICAL0
CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

9.8CRITICAL0
CVE-2023-4310

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Success...

9.8CRITICAL0
CVE-2023-46005

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

9.8CRITICAL0
CVE-2023-4485

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to ex...

9.8CRITICAL0
CVE-2023-41508

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

9.8CRITICAL0
CVE-2023-29453

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a ...

9.8CRITICAL0
CVE-2023-36434

Windows IIS Server Elevation of Privilege Vulnerability

9.8CRITICAL0
CVE-2023-43981

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.

9.8CRITICAL0
CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.ph...

9.8CRITICAL0
CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants ...

9.8CRITICAL0
CVE-2023-5045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This i...

9.8CRITICAL0
CVE-2023-41009

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.

9.8CRITICAL0
CVE-2023-39654

abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.

9.8CRITICAL0
CVE-2023-36109

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.

9.8CRITICAL0
CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

9.8CRITICAL0
CVE-2023-43202

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands v...

9.8CRITICAL0
CVE-2023-43203

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.

9.8CRITICAL0
CVE-2023-44694

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.

9.8CRITICAL0
CVE-2023-44693

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.

9.8CRITICAL0
CVE-2023-45386

In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabsp...

9.8CRITICAL0
CVE-2023-5402

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.

9.8CRITICAL0
CVE-2023-44163

The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CRITICAL0
CVE-2023-4897

Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

9.8CRITICAL0
CVE-2023-43668

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,  some sensitive params checks will be bypassed, like "auto...

9.8CRITICAL0
CVE-2023-45576

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720...

9.8CRITICAL0
CVE-2023-30131

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.

9.8CRITICAL0
CVE-2023-30415

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.

9.8CRITICAL0
CVE-2023-45577

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200...

9.8CRITICAL0
Page 125 de 6665

This product uses data from the NVD API but is not endorsed or certified by the NVD.