2005 matches found

Positive Technologies · added 2023/08/24 12:00 a.m.

PT-2023-27688 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits: 1 · References: 4
Packet Storm · added 2023/08/23 12:00 a.m.

CrafterCMS 4.0.2 Cross Site Scripting

--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...

CVSS 7.4 · AI score 7.1 · EPSS 0.01304
Exploits: 2
Cvelist · added 2023/08/16 9:39 p.m.

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVSS 5.3 · AI score 5.6 · EPSS 0.00423
Exploits: 0 · References: 1
Cisco · added 2023/08/16 4:00 p.m.

Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVSS 5.3 · AI score 5.3 · EPSS 0.00423
Exploits: 0 · References: 1
Positive Technologies · added 2023/08/08 12:00 a.m.

PT-2023-26597 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: The issue allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0,...

CVSS 7.5 · AI score 7.3 · EPSS 0.0071
Exploits: 0 · References: 9
Positive Technologies · added 2023/08/07 12:00 a.m.

PT-2023-26695 · Tenda · Tenda Fh1202 +3

Name of the Vulnerable Software and Affected Versions: Tenda F1202 version 1.2.0.9; PA202 version 1.1.2.5; PW201A version 1.1.2.5; FH1202 version 1.2.0.9. Description: A stack overflow issue was discovered via the page parameter at the "/L7Im" API endpoint. This issue affects several Tenda devices...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits: 1 · References: 4
Veracode · added 2023/08/06 7:54 p.m.

Information Disclosure

GitLab is vulnerable to Information Disclosure. The vulnerability exists due to improper view permissions, which allow an attacker to see pending invitations of any public group or public project by visiting an API endpoint...

CVSS 5.3 · AI score 6.8 · EPSS 0.01134
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment · added 2023/08/04 3:12 p.m.

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 · AI score 7.6 · EPSS 0.01124
Exploits: 0 · References: 1
Positive Technologies · added 2023/07/31 12:00 a.m.

PT-2023-24965 · Ruijie Networks · Rg-Nbs +6

Name of the Vulnerable Software and Affected Versions: Ruijie Networks RG-EW series home routers and repeaters, version EW 3.01B11P204; Ruijie Networks RG-NBS and RG-S1930 series switches, version SWITCH 3.01B11P218; Ruijie Networks RG-EG series business VPN routers, version EG 3.01B11P216; Ruijie...

CVSS 9.8 · AI score 7 · EPSS 0.01523
Exploits: 0 · References: 5
Positive Technologies · added 2023/07/31 12:00 a.m.

PT-2023-25028 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions through 5.7.109 Description: The issue allows remote attackers to run arbitrary code via a crafted POST request to the "/dede/tpl.php" API endpoint. This enables attackers to execute arbitrary code on the affected system...

CVSS 9.8 · AI score 9.6 · EPSS 0.00993
Exploits: 0 · References: 6
Positive Technologies · added 2023/07/31 12:00 a.m.

PT-2023-24376 · Guanzhou Tozed Kangwei Intelligent Technology · Zlts10G

Name of the Vulnerable Software and Affected Versions: Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G version S10G 3.11.6. Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to take over user accounts by sending a crafted POST request to the "/goform/goform set cmd process...

CVSS 8.8 · AI score 8.7 · EPSS 0.00319
Exploits: 1 · References: 3
Positive Technologies · added 2023/07/31 12:00 a.m.

PT-2023-26792 · Bmc · Bmc Control-M

Name of the Vulnerable Software and Affected Versions: BMC Control-M versions prior to 9.0.21; BMC Control-M version 9.0.20.200. Description: The issue allows SQL injection via the "/RF-Server/report/deleteReport" API endpoint, specifically through the report-id parameter. Recommendations: For BMC...

CVSS 9.8 · AI score 9.7 · EPSS 0.00558
Exploits: 0 · References: 4
The Hacker News · added 2023/07/28 5:46 a.m.

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as...

AI score 8.7 · EPSS 0.97924
Exploits: 36
Positive Technologies · added 2023/07/20 12:00 a.m.

PT-2023-25813 · Unknown · Diafan Cms

Name of the Vulnerable Software and Affected Versions: Diafan CMS version 6.0 Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs via the cat id parameter at the "/shop/?module=shop&action=search" API endpoint. Recommendations: For Diafan CMS version 6.0...

CVSS 6.1 · AI score 5.9 · EPSS 0.00493
Exploits: 1 · References: 3
Positive Technologies · added 2023/07/20 12:00 a.m.

PT-2023-26533 · Unknown · Office Suite Premium

Name of the Vulnerable Software and Affected Versions: Office Suite Premium version v10.9.1.42602. Description: A reflected cross-site scripting (XSS) issue was found in Office Suite Premium via the filter parameter at the "/api?path=files" API endpoint. This allows for potential malicious script...

CVSS 6.1 · AI score 6 · EPSS 0.0046
Exploits: 1 · References: 3
Positive Technologies · added 2023/07/13 12:00 a.m.

PT-2023-26107 · Geeklog · Geeklog

Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...

CVSS 4.8 · AI score 5.5 · EPSS 0.00399
Exploits: 1 · References: 6
IBM Security Bulletins · added 2023/07/11 5:30 p.m.

Security Bulletin: Multiple operator framework security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary: symlink is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework (CVE-2015-3627). Distribution is used by IBM Robotic Process Automation as part of the operator framework (CVE-2023-2253). Vulnerability Details: CVEID: CVE-2015-3627. DESCRIPTION: A symlink...

CVSS 7.2 · AI score 7 · EPSS 0.00938
Exploits: 0 · Affected Software: 1
WPVulnDB · added 2023/07/10 12:00 a.m.

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguard sensitive user information, such as other users' email addresses, making it possible for any student to leak them via some of the plugin's REST API endpoints. PoC: curl -i -s -k -X $'GET' \ -H $'Host: localhost:8000' -H $'sec-ch-ua: ' -H $'Accept:...

AI score 8.8 · EPSS 0.01926
Exploits: 2 · Affected Software: 1
Positive Technologies · added 2023/06/28 12:00 a.m.

PT-2023-25065 · H3C · H3C Magic

Name of the Vulnerable Software and Affected Versions: H3C Magic B1STV100R012 (affected versions not specified). Description: A stack overflow in the UpdateMacClone function allows attackers to cause a Denial of Service (DoS) via a crafted POST request to an unspecified API endpoint. Recommendations: ...

CVSS 7.5 · AI score 7.4 · EPSS 0.0071
Exploits: 1 · References: 3
Positive Technologies · added 2023/06/28 12:00 a.m.

PT-2023-25062 · H3C · H3C Magic

Name of the Vulnerable Software and Affected Versions: H3C Magic version B1STV100R012. Description: A stack overflow in the UpdateWanParams function allows attackers to cause a Denial of Service (DoS) via a crafted POST request to an unspecified API endpoint. Recommendations: For version B1STV100R01...

CVSS 7.5 · AI score 7.5 · EPSS 0.0071
Exploits: 1 · References: 3
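The entries in this listing pair high CVSS scores with very different EPSS values: the Tenda AC8 and BMC Control-M entries carry CVSS 9.8 with EPSS below 0.01 and no or one public exploit, while the Metabase write-up from The Hacker News carries EPSS 0.97924 and 36 listed exploits. The Python script below is an added example, not part of the listing or of any vendor's tooling. It parses the metric and count strings in the form the raw listing export uses (for instance `9.8CVSS9.4AI score0.00701EPSS` and `Exploits1References4`), tolerates entries that publish no CVSS score, ranks entries by EPSS, public exploit count and severity, and flags the high-CVSS/low-EPSS gap. The sample records are constructed from the numbers shown above; the thresholds in `cvss_epss_gap` are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Metric strings in the raw export look like "<cvss>CVSS<ai>AI score<epss>EPSS".
# The CVSS part is absent for sources that publish no CVSS score (news items, WPVulnDB).
METRIC_RE = re.compile(
    r"^(?:(?P<cvss>\d+(?:\.\d+)?)CVSS)?"
    r"(?P<ai>\d+(?:\.\d+)?)AI score"
    r"(?P<epss>\d+(?:\.\d+)?)EPSS$"
)
# Count strings look like "Exploits1References4" or "Exploits2Affected Software1".
COUNT_RE = re.compile(r"(Exploits|References|Affected Software)(\d+)")


@dataclass
class Entry:
    title: str
    cvss: Optional[float]   # None when the source publishes no CVSS score
    ai_score: float
    epss: float
    exploits: int
    references: int


def parse_entry(title: str, metric_line: str, count_line: str) -> Entry:
    """Turn one listing entry's raw metric and count strings into an Entry."""
    m = METRIC_RE.match(metric_line)
    if not m:
        raise ValueError(f"unrecognised metric line: {metric_line!r}")
    counts = {name: int(n) for name, n in COUNT_RE.findall(count_line)}
    return Entry(
        title=title,
        cvss=float(m["cvss"]) if m["cvss"] else None,
        ai_score=float(m["ai"]),
        epss=float(m["epss"]),
        exploits=counts.get("Exploits", 0),
        references=counts.get("References", 0),
    )


# Constructed sample: title plus the metric/count strings copied from the listing above.
RAW: List[Tuple[str, str, str]] = [
    ("PT-2023-27688 Tenda AC8 /goform/SetStaticRouteCfg stack overflow",
     "9.8CVSS9.4AI score0.00701EPSS", "Exploits1References4"),
    ("CVE-2023-20232 Cisco Unified CCX web cache poisoning",
     "5.3CVSS5.6AI score0.00423EPSS", "Exploits0References1"),
    ("CVE-2023-37470 Metabase /api/setup/validate RCE",
     "10CVSS7.6AI score0.01124EPSS", "Exploits0References1"),
    ("Metabase pre-auth RCE (The Hacker News)",
     "8.7AI score0.97924EPSS", "Exploits36"),
    ("PT-2023-26792 BMC Control-M deleteReport SQL injection",
     "9.8CVSS9.7AI score0.00558EPSS", "Exploits0References4"),
    ("LMS by Masteriyo < 1.6.8 information exposure",
     "8.8AI score0.01926EPSS", "Exploits2Affected Software1"),
]

ENTRIES: List[Entry] = [parse_entry(t, m, c) for t, m, c in RAW]


def triage_key(e: Entry) -> Tuple[float, int, float]:
    # Likelihood of exploitation (EPSS) first, then public exploit count, then
    # severity. Entries without CVSS fall back to the AI score so they still rank.
    severity = e.cvss if e.cvss is not None else e.ai_score
    return (e.epss, e.exploits, severity)


def rank(entries: List[Entry]) -> List[Entry]:
    """Highest-priority entry first."""
    return sorted(entries, key=triage_key, reverse=True)


def cvss_epss_gap(entries: List[Entry], cvss_min: float = 9.0,
                  epss_max: float = 0.01) -> List[Entry]:
    """Entries that look critical by CVSS but have low predicted exploitation (assumed thresholds)."""
    return [e for e in entries
            if e.cvss is not None and e.cvss >= cvss_min and e.epss < epss_max]


if __name__ == "__main__":
    for e in rank(ENTRIES):
        print(f"epss={e.epss:.5f} exploits={e.exploits:3d} cvss={e.cvss} {e.title}")
    print("high CVSS, low EPSS:", [e.title for e in cvss_epss_gap(ENTRIES)])
```

Run as-is to see the ordering; the point of the ranking is that the Metabase news item, which has no CVSS at all, outranks every CVSS 9.8 entry once EPSS and exploit availability are taken into account, while the two CVSS 9.8 entries with EPSS under 0.01 are the ones to check for exposure before treating them as emergencies.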