CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
A specially crafted set of network packets can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-45560
https://notcve.org/view.php?id=CVE-2023-45560
An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Un problema en la tarjeta de miembro de Yasukawa v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtración del token de acceso al canal. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45560.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5762 – Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
https://notcve.org/view.php?id=CVE-2023-5762
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. El complemento Filr de WordPress anterior a 1.2.3.6 es afectado por una vulnerabilidad RCE (ejecución remota de código), que permite al sistema operativo ejecutar comandos y comprometer completamente el servidor en nombre de un usuario con privilegios de nivel de autor. The Filr – Secure document library plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.2.3.5 (inclusive). This makes it possible for authenticated attackers, with author-level or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5550 – Moodle: rce due to lfi risk in some misconfigured shared hosting environments
https://notcve.org/view.php?id=CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle que también tiene acceso directo al servidor web fuera del root web de Moodle podría utilizar un archivo local incluido para lograr la ejecución remota de código. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249 https://bugzilla.redhat.com/show_bug.cgi?id=2243452 https://moodle.org/mod/forum/discuss.php?d=451591 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5540 – Moodle: authenticated remote code execution risk in imscp
https://notcve.org/view.php?id=CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad IMSCP. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 https://bugzilla.redhat.com/show_bug.cgi?id=2243432 https://moodle.org/mod/forum/discuss.php?d=451581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •