836 matches found
The vulnerability of the Virtual Delivery Agent (VDA) software, used for virtualizing and delivering Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop), on Windows operating systems, allows a malicious individual to escalate their privileges and execute arbitrary commands.
The vulnerability of the Virtual Delivery Agent (VDA) software for virtualizing and delivering Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop) on Windows operating systems is related to deficiencies in access control when using a multi-user mode. Exploiting this vulnerability can...
CVE-2023-29011
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-13 Tested on: Free EVE Community...
Eve-ng 5.0.1-13 Cross Site Scripting
Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) Google Dork: N/A Date: 12/6/2022 Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-1...
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) Google Dork: N/A Date: 12/6/2022 Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-1...
Siemens TIA Project-Server (formerly TIA Multiuser Server) untrusted search path vulnerability
TIA Project Server (formerly known as TIA Multiuser Server) is a fully-integrated automation multi-user application from Siemens, Germany. Siemens TIA Project-Server (formerly TIA Multiuser Server) suffers from an untrusted search path vulnerability that could be exploited by attackers to elevate privileges...
[SECURITY] Fedora 36 Update: community-mysql-8.0.32-1.fc36
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
SUSE CVE-2021-32773
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
SUSE CVE-2021-37601
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations...
SUSE CVE-2021-41055
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID...
CVE-2023-21450
CVE-2023-21450 concerns Samsung’s One Hand Operation+ prior to version 6.1.21, where a missing authorization flaw allows multiple users to access the owner’s widget via gesture settings. Public detail: affected software is One Hand Operation+; vulnerable component/behavior is the missing authoriz...
Fedora 36 : rust-bat / rust-cargo-c / rust-exa / rust-git-delta / rust-gitui / etc (2023-3ec32f6d4e)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ec32f6d4e advisory. This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-291...
Fedora 37 : rust-bat / rust-cargo-c / rust-exa / rust-git-delta / rust-gitui / etc (2023-e3c8abd37e)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-e3c8abd37e advisory. This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-291...
Microsoft Windows Win32k Security Vulnerability
Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32k. An attacker can exploit the vulnerability to elevate privileges...
ASB-A-246301995
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Amazon Linux 2022 : git (ALAS2022-2022-236)
The version of git installed on the remote host is prior to 2.37.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-236 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on...
[SECURITY] Fedora 35 Update: mariadb-10.5.18-1.fc35
MariaDB is a community-developed fork of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
Moderate: Red Hat Security Advisory: mysql:8.0 security, bug fix, and enhancement update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...