National Vulnerability Database – Page 15

CVE-2023-44162 (online_art_gallery)

Posted on October 27, 2023 by National Vulnerability Database

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘contact’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. Continue reading CVE-2023-44162 (online_art_gallery)→

CVE-2023-43738 (online_art_gallery)

Posted on October 27, 2023 by National Vulnerability Database

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. Continue reading CVE-2023-43738 (online_art_gallery)→

CVE-2023-42188 (icecms)

Posted on October 27, 2023 by National Vulnerability Database

IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Continue reading CVE-2023-42188 (icecms)→

CVE-2023-43737 (online_art_gallery)

Posted on October 26, 2023 by National Vulnerability Database

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. Continue reading CVE-2023-43737 (online_art_gallery)→

CVE-2023-44268 (online_art_gallery)

Posted on October 26, 2023 by National Vulnerability Database

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. Continue reading CVE-2023-44268 (online_art_gallery)→

CVE-2023-42406 (dar-7000_firmware)

Posted on October 26, 2023 by National Vulnerability Database

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. Continue reading CVE-2023-42406 (dar-7000_firmware)→

CVE-2023-33558 (ocomon)

Posted on October 26, 2023 by National Vulnerability Database

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. Continue reading CVE-2023-33558 (ocomon)→

CVE-2023-39427 (argon, cobalt, graphite, lithium, xenon)

Posted on October 26, 2023 by National Vulnerability Database

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverag… Continue reading CVE-2023-39427 (argon, cobalt, graphite, lithium, xenon)→

CVE-2023-44267 (online_art_gallery)

Posted on October 26, 2023 by National Vulnerability Database

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘lnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. Continue reading CVE-2023-44267 (online_art_gallery)→

CVE-2023-39936 (graphite)

Posted on October 26, 2023 by National Vulnerability Database

In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the … Continue reading CVE-2023-39936 (graphite)→