
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
• https://github.com/actuator/com.phlox.tvwebbrowser https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk https://github.com/truefedex/tv-bro/pull/182#issue-1901769895
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
• https://github.com/actuator/com.tcl.browser/blob/main/CWE-94.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 69% | CPEs: 1 | EXPL: 9

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code. The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF).
• https://github.com/Chocapikk/CVE-2023-51467 https://github.com/JaneMandy/CVE-2023-51467-Exploit https://github.com/JaneMandy/CVE-2023-51467 https://github.com/UserConnecting/Exploit-CVE-2023-49070-and-CVE-2023-51467-Apache-OFBiz https://github.com/K3ysTr0K3R/CVE-2023-51467-EXPLOIT https://github.com/tw0point/BadBizness-CVE-2023-51467 https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 https://github.com/AhmedMansour93/Event-ID-217-Rule-Name
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment.
• https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/security/advisories/GHSA-pqwp-qrp7-grg4
• CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 | EPSS: 6% | CPEs: 4 | EXPL: 0

Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. ...
• http://www.openwall.com/lists/oss-security/2023/12/29/4 https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md https://github.com/haile01/perl_spreadsheet_excel_rce_poc https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc https://metacpan.org/dist/Spreadsheet-ParseExcel https:
• CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')