CVE-2023-4491 – Easy Address Book Web Server Buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-4491
The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-4494 – Easy Chat Server Stack-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-4494
An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-39469 – PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39469
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. • https://www.papercut.com/kb/Main/SecurityBulletinJuly2023 https://www.zerodayinitiative.com/advisories/ZDI-23-1285 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-23774
https://notcve.org/view.php?id=CVE-2023-23774
This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. • https://tetraburst.com • CWE-248: Uncaught Exception CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-23773
https://notcve.org/view.php?id=CVE-2023-23773
The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •