Total
277142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42239 | 2025-01-13 | N/A | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. | ||||
| CVE-2023-42238 | 2025-01-13 | N/A | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. | ||||
| CVE-2023-42237 | 2025-01-13 | N/A | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php. | ||||
| CVE-2023-42236 | 2025-01-13 | N/A | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. | ||||
| CVE-2023-42235 | 2025-01-13 | N/A | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php. | ||||
| CVE-2023-42234 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | ||||
| CVE-2023-42232 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | ||||
| CVE-2023-42231 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. | ||||
| CVE-2023-42229 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | ||||
| CVE-2023-42228 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. | ||||
| CVE-2023-42227 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | ||||
| CVE-2023-42226 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | ||||
| CVE-2023-42225 | 2025-01-13 | N/A | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | ||||
| CVE-2023-29728 | 1 Applika | 1 Call Blocker | 2025-01-13 | 9.8 Critical |
| The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. | ||||
| CVE-2023-29380 | 1 Linuxmint | 1 Warpinator | 2025-01-13 | 7.5 High |
| Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | ||||
| CVE-2023-28349 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 8.8 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution. | ||||
| CVE-2023-28348 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 7.4 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students. | ||||
| CVE-2023-28347 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 9.6 Critical |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. | ||||
| CVE-2023-26129 | 1 Bwm-ng Project | 1 Bwm-ng | 2025-01-13 | 8.4 High |
| All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-26128 | 1 Keep-module-latest Project | 1 Keep-module-latest | 2025-01-13 | 8.4 High |
| All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||