Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48161 PUBLISHED: 2023-02-01
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.
CVE-2023-0341 PUBLISHED: 2023-02-01
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the ...
CVE-2023-23924 PUBLISHED: 2023-02-01
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call...
CVE-2023-24241 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
CVE-2023-24956 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.