156 matches found
CVE-2024-47533 Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...
Cobbler 授权问题漏洞
Cobbler is an open source network installation server suite from Cobbler, which is used to quickly set up Linux network installation environments. An authorization issue vulnerability exists in Cobbler versions 3.0.0 through 3.2.3 and prior to 3.3.7 that stems from improper authentication,...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control
Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...
PT-2024-23014 · Unknown · Mybooktable Bookstore
Name of the Vulnerable Software and Affected Versions: MyBookTable Bookstore versions 3.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject...
PT-2024-13860 · Stmicroelectronics · Stsafe-A1Xx +1
Name of the Vulnerable Software and Affected Versions: STMicroelectronics STSAFE-A1xx versions prior to 3.3.7 X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications version 1.2.0 Description: The issue allows MCU code execution if an adversary has the ability to read from and write to th...
Filename spoofing in archive
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
Archive 路径遍历漏洞
Archive is a Dart library for encoding and decoding various archive and compression formats such as Zip, Tar, GZip, ZLib and BZip2. A security vulnerability exists in Archive version v3.3.7 that originates from allowing an attacker to perform path traversal by extracting a carefully crafted zip...
PT-2023-26799 · Archive · Archive
Name of the Vulnerable Software and Affected Versions: Archive version 3.3.7 Description: The issue allows attackers to spoof zip filenames, leading to inconsistent filename parsing. Recommendations: For Archive version 3.3.7, consider restricting the parsing of zip filenames to minimize the risk...
WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Order Tracking Type Plugin Vulnerable versions = 3.3.6 Fixed in 3.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29d4142f0f03 Credits Marco Wotschka...
CVE-2023-23328
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
CVE-2023-23326
A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...
Unrestricted file upload
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
PT-2023-18908 · Avantfax · Avantfax
Name of the Vulnerable Software and Affected Versions: AvantFAX version 3.3.7 Description: A Stored Cross-Site Scripting XSS issue exists, allowing an authenticated low-privilege user to inject arbitrary Javascript into their e-mail address. This code is executed when an administrator logs in to...
iFAX AvantFAX 信息泄露漏洞
iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from an information disclosure vulnerability where backups of...
CVE-2023-23326
A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...
CVE-2023-23326
AvantFAX 3.3.7 contains a Stored Cross-Site Scripting (XSS) vulnerability. An authenticated low-privilege user can inject arbitrary JavaScript into their email address, which is executed when an administrator logs in to view the admin dashboard, potentially enabling theft of the administrator’s s...
iFAX AvantFAX 代码问题漏洞
iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from a file upload vulnerability that can be exploited by an...
CVE-2023-23327
Summary (concrete facts): CVE-2023-23327 affects AvantFAX 3.3.7, where backups of sent/received faxes and database backups are stored on the web server with the current date as filenames and without access controls, enabling potential information disclosure. Multiple connected sources corroborate...
CVE-2022-38094
OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
CVE-2022-34869
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...