Auto Generated cves.json [Mon Oct 9 09:09:43 UTC 2023] 🤖

cves.json

@@ -1991,6 +1991,7 @@
 {"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
 {"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
 {"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"high","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
+{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"high","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
 {"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
 {"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
 {"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-f371a6c95c2e3b5ed340fb37d805f162
+e2609ea5a3dd5477b29b6a7b96a1014a