CyberSecurityBoard
Sponsor Register Login

CVE-2023-4993

Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.

Publication date: Thu, 15 Feb 2024 22:15:00 +0000


Cyber News related to CVE-2023-4993

CVE-2016-6339 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4993. Reason: This candidate is a reservation duplicate of CVE-2016-4993. Notes: All CVE users should reference CVE-2016-4993 instead of this candidate. All references and ...
54 years ago Tenable.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
5 months ago Tenable.com
CVE-2023-4993 - Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8. ...
9 months ago
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
11 months ago Microsoft.com
CVE-2015-4998 - Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web ...
7 years ago
CVE-2015-4993 - Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web ...
7 years ago
CVE-2019-17497 - Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user ...
5 years ago
CVE-2018-1067 - In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization ...
4 years ago
CVE-2012-4993 - torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. ...
12 years ago
CVE-2010-4993 - SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. ...
7 years ago
CVE-2009-4993 - PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. Note: http://inj3ct0r.com/exploits/5624 ...
7 years ago
CVE-2008-4993 - qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. ...
7 years ago
CVE-2006-4993 - Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) ...
6 months ago
CVE-2016-4993 - CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting ...
6 years ago
CVE-2014-4993 - (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by ...
6 years ago
CVE-2007-4993 - pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec ...
6 years ago
CVE-2018-4993 - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. ...
5 years ago
CVE-2020-4993 - IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. ...
3 years ago
CVE-2011-4993 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none ...
54 years ago Tenable.com
CVE-2017-4993 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com
CVE-2024-4993 - Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials. ...
6 months ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
8 months ago Securelist.com
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
11 months ago Cybersecuritynews.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
10 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)