** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate....
8.8CVSS
7.1AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The...
8.8CVSS
7.2AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be....
8.8CVSS
7.1AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The...
8.8CVSS
8.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate....
8.8CVSS
8.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be....
8.8CVSS
8.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The...
8.8CVSS
8.7AI Score
0.001EPSS
CVE-2023-5149 D-Link DAR-7000 userattestation.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be....
6.3CVSS
8.9AI Score
0.001EPSS
CVE-2023-5148 D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The...
6.3CVSS
9AI Score
0.001EPSS
CVE-2023-5147 D-Link DAR-7000 updateos.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate....
6.3CVSS
8.9AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload.....
8.8CVSS
8.6AI Score
0.003EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload.....
8.8CVSS
7AI Score
0.003EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
8.8CVSS
8.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
8.8CVSS
7.1AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload.....
8.8CVSS
8.6AI Score
0.003EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
8.8CVSS
8.7AI Score
0.001EPSS
CVE-2023-5146 D-Link DAR-7000/DAR-8000 updatelib.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload.....
6.3CVSS
8.9AI Score
0.003EPSS
CVE-2023-5145 D-Link DAR-7000 licence.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
6.3CVSS
6.9AI Score
0.001EPSS
CVE-2023-5145 D-Link DAR-7000 licence.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
6.3CVSS
8.9AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack...
9.8CVSS
7.2AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack...
9.8CVSS
9.5AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...
8.8CVSS
7.1AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...
8.8CVSS
8.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack...
9.8CVSS
9.5AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...
8.8CVSS
8.7AI Score
0.001EPSS
CVE-2023-5144 D-Link DAR-7000/DAR-8000 updateos.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...
6.3CVSS
6.9AI Score
0.001EPSS
CVE-2023-5144 D-Link DAR-7000/DAR-8000 updateos.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...
6.3CVSS
9AI Score
0.001EPSS
CVE-2023-5143 D-Link DAR-7000 webmailattach.php Privilege Escalation
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack...
6.3CVSS
9.8AI Score
0.001EPSS
7.1AI Score
0.001EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
5.5CVSS
5AI Score
0.0004EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
4.4CVSS
4.5AI Score
0.0004EPSS
Bulletin ID: AMD-SB-4007 Potential Impact:Data Leakage Severity:Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment (DXE) driver. CVE Details Refer to Glossary for explanation of terms CVE| Severity| Description ---|---|--- CVE-2023-20594| Medium| Improper...
5.5CVSS
5.2AI Score
0.0004EPSS
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service (CVE-2023-20169)
A vulnerability in the Intermediate System-to-Intermediate System (IS- IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to...
7.4CVSS
6.7AI Score
0.002EPSS
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access (CVE-2023-20115)
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is...
5.4CVSS
6.7AI Score
0.001EPSS
Cisco Nexus OSPF LSA Manipulation (CVE-2017-6770)
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This...
4.2CVSS
6.8AI Score
0.004EPSS
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All...
7.6AI Score
Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...
7.7AI Score
5000-years.org Cross Site Scripting vulnerability OBB-3673814
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 117 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 117.0.5938.62 (Linux and Mac), 117.0.5938.62/.63( Windows) contains a number of fixes and improvements -- a list of changes...
8.8CVSS
8.9AI Score
EPSS
Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset...
7.5CVSS
6.7AI Score
EPSS
Attacker can extract value from pool by sandwiching herself at swapAll during close
Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: swapAll allows 1% slippage There is no Health Factor check after close. Alice and Bob are good friends, the steps are (in one single tx): Alice deposits 10000 USDT and borrows 7000$ worth of TR. Bob...
6.8AI Score
7.4AI Score
Lines of code Vulnerability details Impact There is a wrap() function (https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/usdy/rUSDY.sol#L434-L440) called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap() function...
6.7AI Score
WooCommerce PDF Invoice Builder < 1.2.91 - Invoice Update via CSRF
Description The plugin does not have CSRF check when updating invoices, which could allow attackers to make logged in admin perform such action via a CSRF...
4.3CVSS
6.4AI Score
0.001EPSS
In the event of a fall in the price of USDY, the withdrawal of funds for the user may be blocked
Lines of code Vulnerability details Impact There is a wrap() function (https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/usdy/rUSDY.sol#L434-L440) called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap() function...
6.7AI Score
Why is .US Being Used to Phish So Many of Us?
Domain names ending in ".US" -- the top-level domain for the United States -- are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains...
6.9AI Score
PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application
An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...
6.9AI Score
GOM Player 2.3.90.5360 MITM / Remote Code Execution Exploit
GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution...
7.9AI Score
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which.....
9.8CVSS
6.8AI Score
0.071EPSS
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed.....
7.1CVSS
6.7AI Score
0.001EPSS