SysAid Help Desk <15.2 - Local File Inclusion
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName paramet...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP55 and Version 8 SR6-FP0 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details...
EUVD-2026-2996
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2024-2996
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...
Amazon Linux 2 : edk2, --advisory ALAS2-2025-2996 (ALAS-2025-2996)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2996 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2024-388...
CVE-2019-2996 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-17-openj9...
CVE-2025-2996
creationtimestamp | type | source
---|---|---
2025-03-31 13:31:17+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9642...
Linux Distros Unpatched Vulnerability : CVE-2022-2996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up...
Linux Distros Unpatched Vulnerability : CVE-2017-2996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to...
SysAid Help Desk Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...
SysAid Help Desk Database Credentials Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'SysAid Help Desk Database Credentials Disclosure', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk...
Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-2996)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2996 advisory. - Fix for CVE-2023-6377, CVE-2023-6478 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
CentOS 8 : xorg-x11-server-Xwayland (CESA-2024:2996)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:2996 advisory. - An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data...
CVE-2024-2996
CVE-2024-2996 affects the Bdtask Multi-Store Inventory Management System (versions up to 20240320). The vulnerability lies in the Page Title Handler component, where manipulation can cause cross-site scripting (XSS). It is exploitable remotely and, per disclosures, the exploit has been public. S...
CVE-2019-2996
creationtimestamp | type | source
---|---|---
2024-01-09 20:46:30+00:00 | seen | https://t.me/ctinow/165346...
CVE-2023-2996
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...
CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...
CVE-2023-2996
Jetpack WordPress plugin (versions prior to 12.1.1) is affected by a vulnerability where uploaded files are not validated. This allows users with author roles or higher to manipulate existing files, delete arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. ...