CVE-2023-46389 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46389
Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with storing secrets in the clear. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 •
CVE-2023-6151 – Information Disclosure in Eskom E-municipality
https://notcve.org/view.php?id=CVE-2023-6151
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. • https://www.usom.gov.tr/bildirim/tr-23-0664 • CWE-269: Improper Privilege Management CWE-648: Incorrect Use of Privileged APIs •
CVE-2023-6150 – Information Disclosure in Eskom E-municipality
https://notcve.org/view.php?id=CVE-2023-6150
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. • https://www.usom.gov.tr/bildirim/tr-23-0664 • CWE-269: Improper Privilege Management CWE-648: Incorrect Use of Privileged APIs •
CVE-2023-4667 – Stored Cross Site Scripting in webserver administration
https://notcve.org/view.php?id=CVE-2023-4667
The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage. The PAC Device's web interface allows the device administrator's user profile to store malicious scripts in some fields. • https://www.idemia.com/vulnerability-information • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-44991 – WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44991
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.9 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including file upload events and paths. • https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •