
21 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-22034

Malware in sbrugna...

9 CVSS · 8.7 AI score · 0.01526 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-24560 · Activecampaign · Activecampaign

Name of the Vulnerable Software and Affected Versions: ActiveCampaign versions n/a through 8.1.14. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to...

9.8 CVSS · 6.1 AI score · 0.00306 EPSS
Exploits 0 · References 6
Patchstack
added 2024/04/12 3:9 p.m. · 3 views

WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin ActiveCampaign versions <= 8.1.14...

9.8 CVSS · 7 AI score · 0.00306 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/11/22 12:0 a.m. · 1 views

PT-2023-30637 · Unknown · Expresstech Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: ExpressTech Quiz And Survey Master plugin versions prior to 8.1.14 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For ExpressTech Quiz...

6.5 CVSS · 6.2 AI score · 0.00162 EPSS
Exploits 0 · References 3
Exploit DB
added 2023/10/09 12:0 a.m. · 511 views

Splunk 9.0.5 - admin account take over

!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...

8.8 CVSS · 7 AI score · 0.82677 EPSS
Exploits 7
Packet Storm
added 2023/09/11 12:0 a.m. · 262 views

Splunk Enterprise Account Takeover

https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md !/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edituser capability...

8.8 CVSS · 7.1 AI score · 0.82677 EPSS
Exploits 7
NVD
added 2023/06/01 5:15 p.m. · 11 views

CVE-2023-32709

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against th...

4.3 CVSS · 4.9 AI score · 0.00176 EPSS
Exploits 0 · References 2
NVD
added 2023/06/01 5:15 p.m. · 29 views

CVE-2023-32711

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...

5.4 CVSS · 5.9 AI score · 0.00446 EPSS
Exploits 1 · References 2
OSV
added 2023/06/01 5:15 p.m. · 0 views

CVE-2023-32708

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/06/01 12:0 a.m. · 1 views

PT-2023-23982 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: An unauthorized user can access the...

4.3 CVSS · 6.9 AI score · 0.00122 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/01 12:0 a.m. · 2 views

PT-2023-23975 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Description: An unauthenticated attacker can send specially-crafted messages to the XML parser within SAML...

7.7 CVSS · 7.5 AI score · 0.00244 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/01 12:0 a.m. · 3 views

PT-2023-3015 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: A low-privileged user with the edit user...

9 CVSS · 7.8 AI score · 0.82677 EPSS
Exploits 7 · References 11
Tenable Nessus
added 2023/01/06 12:0 a.m. · 308 views

PHP 8.1.x < 8.1.14

The version of PHP installed on the remote host is prior to 8.1.14. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

9.1 CVSS · 7.4 AI score · 0.00601 EPSS
Exploits 0 · References 3
IBM Security Bulletins
added 2022/09/02 10:18 p.m. · 20 views

Security Bulletin: Vulnerabilities have been identified in the IBM Spectrum Protect Backup-Archive Client that may affect IBM Spectrum Protect Snapshot for Windows

Summary In IBM Spectrum Protect Snapshot for Windows 8.1.14, a number of security vulnerabilities were fixed and implemented by the IBM Spectrum Protect Backup-Archive Client. These vulnerabilities only affect IBM Spectrum Protect Snapshot for Windows when the IBM Spectrum Protect Backup-Archive...

6.8 AI score
Exploits 0 · Affected Software 1
OSV
added 2022/06/30 5:15 p.m. · 0 views

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...

9.8 CVSS · 6.5 AI score · 0.00274 EPSS
Exploits 0 · References 2
CNNVD
added 2022/06/30 12:0 a.m. · 1 views

IBM Spectrum Protect Operations Center security vulnerability

IBM Spectrum Protect Operations Center is software from IBM USA that provides visual control for the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14 contain an information disclosure vulnerability that can be exploited by an...

5.3 CVSS · 5.6 AI score · 0.00468 EPSS
Exploits 0 · References 4
CNNVD
added 2022/06/30 12:0 a.m. · 1 views

IBM Spectrum Protect Server security feature issue vulnerability

IBM Spectrum Protect Server is a spectrum protection system from IBM USA, Inc. providing comprehensive data resiliency for physical file servers, virtual environments, and a wide range of applications. IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 have a security feature issue...

6.5 CVSS · 5.5 AI score · 0.0013 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/06/29 12:0 a.m. · 4 views

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...

9.8 CVSS · 6.6 AI score · 0.00274 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2020/05/13 7:15 p.m. · 10 views

CVE-2020-2010

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

9 CVSS · 7.4 AI score · 0.03235 EPSS
Exploits 0 · References 1
Prion
added 2020/05/13 7:15 p.m. · 13 views

Command injection

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...

9 CVSS · 7.4 AI score · 0.02993 EPSS
Exploits 0 · References 1 · Affected Software 1