EUVD-2023-56447

Malicious code in bioql PyPI...

CVE-2023-50159

In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

CVE-2023-51748

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Axigen Cross-Site Scripting Vulnerability

Axigen is a mail server with groupware and collaboration features from Axigen. A cross-site scripting vulnerability exists in Axigen WebMail version v.10.5.7 and earlier. A remote attacker can exploit this vulnerability to escalate privileges via specially crafted scripts...

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Code injection

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Tenable Nessus Arbitrary File Write Vulnerability (TNS-2023-39)

Tenable Nessus is prone to an arbitrary file write vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"...

MariaDB < 10.2.44, 10.3.x < 10.3.35, 10.4.x < 10.4.25, 10.5.x < 10.5.7 DoS Vulnerability - Linux

MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

Pimcore vulnerable to cross site scripting

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify...

GHSA-WQR6-57QM-HHR5 Pimcore vulnerable to cross site scripting

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify...

GitLab <= 10.5.7, 10.6.x - 10.6.4, 10.7.x - 10.7.1 XSS Vulnerability

GitLab is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

ALPINE-CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

Cross site scripting

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting specifically, data-milestone-id in the milestone dropdown feature. This is fixed in 10.6.3, 10.5.7, and 10.4.7...

CVE-2018-9244

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting specifically, data-milestone-id in the milestone dropdown feature. This is fixed in 10.6.3, 10.5.7, and 10.4.7...

Apple Mac OS X ptrace互斥锁处理本地拒绝服务漏洞

BUGTRAQ ID: 36915 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的ptrace实现中在处理互斥锁时存在竞争条件，当系统内核试图与释放的互斥体相互锁定时可能触发这个错误，导致内核忙碌。 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com / Mac OS X 10.5.6-10.6.1 ptrace...

Mac OS X 10.5.7 (.CHM File) Local Finder.app Denial of Service Exploit

No description provided by source. !/usr/bin/env python import os; print """ Mac OS X 10.5.7 Local Finder.app DoS .CHM By: DrIDE and s0kket Greets to offsec Tested on OS X 10.5.7 This will most likely kill more than this version. \n"""; fname = rawinput" Enter the filename you would like to...

Mac OS X 10.5.7 (.CHM File) Local Finder.app Denial of Service Exploit

Exploit for unknown platform in category dos / poc ====================================================================== Mac OS X 10.5.7 .CHM File Local Finder.app Denial of Service Exploit ====================================================================== !/usr/bin/env python import os; pri...

Mozilla Firefox 3.5 (Font tags) Remote Buffer Overflow Exploit (osx)

No description provided by source. !/usr/bin/env python FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM Tested on OS X 10.5.7 from BaseHTTPServer import HTTPServer from BaseHTTPServer...

Mozilla Firefox 3.5 Heap Spray OS X

!/usr/bin/env python FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM Tested on OS X 10.5.7 from BaseHTTPServer import HTTPServer from BaseHTTPServer import BaseHTTPRequestHandler impo...

Mozilla Firefox 3.5 (OSX) - Font Tags Remote Buffer Overflow

Mozilla Firefox 3.5 OSX - Font Tags Remote Buffer Overflow !/usr/bin/env python FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM Tested on OS X 10.5.7 from BaseHTTPServer import...