Security Vulnerabilities - CVEs Published In August 2023
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-08-09
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-08-09
An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2023-08-09
A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2023-08-09
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
CVSS Score: 6.4
EPSS Score: 0.0
Published: 2023-08-09
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-08-09
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2023-08-09
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2023-08-09
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
CVSS Score: 9.6
EPSS Score: 0.419
Published: 2023-08-09
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
CVSS Score: 9.8
EPSS Score: 0.046
Published: 2023-08-09

