Security Vulnerabilities - CVEs Published In June 2023
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-06-02
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.
CVSS Score
7.8
EPSS Score
0.007
Published
2023-06-02
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-02
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-02
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-02
An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-06-02
The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-02
An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation..
CVSS Score
9.0
EPSS Score
0.195
Published
2023-06-02
A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-02
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-02