
CVE-2023-46818 – ISPConfig 3.2.11 PHP Code Injection
https://notcve.org/view.php?id=CVE-2023-46818
27 Oct 2023 — PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. ... ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php. • https://packetstorm.news/files/id/176126 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-46816
https://notcve.org/view.php?id=CVE-2023-46816
27 Oct 2023 — An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. • https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-46509
https://notcve.org/view.php?id=CVE-2023-46509
27 Oct 2023 — An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-5623 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-5623
26 Oct 2023 — NNM failed to properly set ACLs on its installation directory, which could allow a low-privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. • https://www.tenable.com/security/tns-2023-34 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-276: Incorrect Default Permissions

CVE-2023-39726
https://notcve.org/view.php?id=CVE-2023-39726
26 Oct 2023 — An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. • https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2023-43352
https://notcve.org/view.php?id=CVE-2023-43352
26 Oct 2023 — An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. • https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-5044 – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
https://notcve.org/view.php?id=CVE-2023-5044
25 Oct 2023 — Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. • https://github.com/r0binak/CVE-2023-5044 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-42852 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42852
25 Oct 2023 — Processing web content may lead to arbitrary code execution. ... An anonymous researcher discovered that processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-41976 – Apple Security Advisory 10-25-2023-1
https://notcve.org/view.php?id=CVE-2023-41976
25 Oct 2023 — Processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-416: Use After Free

CVE-2023-41983 – webkitgtk: Processing web content may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-41983
25 Oct 2023 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer