CyberSecurityBoard
Sponsor Register Login

CVE-2023-3503

A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.

Publication date: Tue, 04 Jul 2023 20:15:00 +0000


Cyber News related to CVE-2023-3503

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
5 months ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
11 months ago Microsoft.com
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
8 months ago Securelist.com
CVE-2023-3503 - A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can ...
9 months ago
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
11 months ago Cybersecuritynews.com
CVE-2007-1071 - Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow ...
13 years ago
CVE-2007-4760 - The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via ...
7 years ago
CVE-2008-7031 - Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than ...
6 years ago
CVE-2008-7225 - Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than ...
6 years ago
CVE-2009-3503 - Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters. ...
15 years ago
CVE-2010-3503 - Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su. ...
14 years ago
CVE-2012-3503 - The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the ...
9 months ago
CVE-2013-3503 - The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an ...
11 years ago
CVE-2006-3503 - Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. ...
7 years ago
CVE-2008-3503 - RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). ...
7 years ago
CVE-2011-3503 - Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located ...
7 years ago
CVE-2014-3503 - Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. ...
11 months ago
CVE-2008-0151 - Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. ...
6 years ago
CVE-2005-3503 - chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges. ...
6 years ago
CVE-2007-3503 - The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago
CVE-2017-3503 - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and ...
5 years ago
CVE-2020-3503 - A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system ...
1 year ago
CVE-2016-3503 - Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. ...
2 years ago
CVE-2022-3503 - A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)