Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
CVE-2023-41444
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-09-28
CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-09-28
CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-09-28
CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
CVSS Score
8.8
EPSS Score
0.03
Published
2023-09-28
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVSS Score
8.8
EPSS Score
0.044
Published
2023-09-28
CVE-2023-5244
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
5.0
EPSS Score
0.259
Published
2023-09-28
CVE-2023-43233
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-09-27
CVE-2023-43314
** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-09-27
CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved