144 matches found
CVE-2023-25355
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...
Code injection
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...
CVE-2023-25356
CVE-2023-25356 affects CoreDial sipXcom up to and including 21.04. The issue is Improper Neutralization of Argument Delimiters in a Command via XMPP, allowing injection of arbitrary arguments into a system command, enabling reading and writing files on the sipXcom server and potentially remote co...
Mahara 21.04.x < 21.04.7, 21.10.x < 21.10.5, 22.04.x < 22.04.3 Multiple Vulnerabilities
Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mahara:mahara"; if description...
CVE-2022-42707
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions...
PT-2022-26512 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 21.04 through 21.04.6; Mahara versions 21.10 through 21.10.4; Mahara versions 22.04 through 22.04.2; Mahara versions 22.10 through 22.09.9 is not a correct range, simplifying to: Mahara version 22.10.0. However, since 22.10.0 is t...
Mahara Security Vulnerability
Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara version 21.04 up to and including 21.04.7, 21.10 up to and including 21.10.5, 22.04 up to and including 22.04.3, and 22.10.0, which stems from a lack of privilege checking...
Ubuntu: Security Advisory (USN-5157-1)
The remote host is missing an update for the...
PT-2022-6323 · Canonical · Ubuntu
Name of the Vulnerable Software and Affected Versions: Mahara versions 21.04 through 21.04.6; Mahara versions 21.10 through 21.10.4; Mahara versions 22.04 through 22.04.2; Mahara version 22.10.0. Description: The vulnerability exists due to the lack of protection of the web page structure in the PDF...
PT-2022-21906 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 21.04 through 21.04.5; Mahara versions 21.10 through 21.10.3; Mahara version 22.04.2. Description: The issue allows files to be downloaded through thumb.php with no permission check. Recommendations: For Mahara versions 21.04...
Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated); Date: 04/02/2022; Exploit Author: minhnq22; Vendor Homepage: https://zenar.io/; Software Link: https://zenar.io/download-page; Version: 9.0.54156; Tested on: Ubuntu 21.04; CVE: CVE-2021-42171; Python3 import os import sys...
Zenario CMS 9.0.54156 Remote Code Execution
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated); Date: 04/02/2022; Exploit Author: minhnq22; Vendor Homepage: https://zenar.io/; Software Link: https://zenar.io/download-page; Version: 9.0.54156; Tested on: Ubuntu 21.04; CVE: CVE-2021-42171; Python3 import os import sys...
Zenario CMS 9.0.54156 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated); Exploit Author: minhnq22; Vendor Homepage: https://zenar.io/; Software Link: https://zenar.io/download-page; Version: 9.0.54156; Tested on: Ubuntu 21.04; CVE: CVE-2021-42171; Python3 import os import sys import json import...
CVE-2022-24111
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known...
CVE-2022-24111
Summary: CVE-2022-24111 affects Mahara 21.04 prior to 21.04.3 and 21.10 prior to 21.10.1. The vulnerability allows portfolios (including group-based portfolios and site/institution-level portfolios) to be viewed without authentication if the URL is known, constituting an information-disclosure is...
Design/Logic Flaw
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...
Ubuntu: Security Advisory (USN-4955-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-4913-2)
The remote host is missing an update for the...