1306 matches found

CISA KEV Catalog
added 2023/07/31 12:0 a.m. · 33 views

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions if applicab...

CVSS 10 · AI score 9 · EPSS 0.99999
In wild · Exploits 14

VulnCheck KEV
added 2023/07/28 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-35081

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions if...

CVSS 10 · AI score 7.2 · EPSS 0.99999
Exploits 14 · References 1

SUSE CVE
added 2023/07/25 2:18 a.m. · 0 views

SUSE CVE-2023-38056

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

CVSS 7.2 · AI score 4.6 · EPSS 0.0079
Exploits 0 · References 3

OSV
added 2023/07/24 9:15 a.m. · 3 views

CVE-2023-38056

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

CVSS 7.2 · AI score 5.9 · EPSS 0.0079
Exploits 0 · References 1

Palo Alto Networks
added 2023/07/12 4:0 p.m. · 52 views

PAN-OS: Read System Files and Resources During Configuration Commit

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. Work around: This issue requires the attacker to have authenticated access ...

CVSS 5.5 · AI score 6.5 · EPSS 0.00388
Exploits 0 · References 1

OSV
added 2023/07/10 4:15 p.m. · 4 views

CVE-2021-42079

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. POC Step 1: Prepare the SSRF with a request like this: GET...

CVSS 4.9 · AI score 5.9 · EPSS 0.00574
Exploits 0 · References 5

NVD
added 2023/07/10 4:15 p.m. · 16 views

CVE-2021-42081

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC...

CVSS 9.1 · AI score 9.4 · EPSS 0.00988
Exploits 0 · References 5

Cvelist
added 2023/07/10 6:29 a.m. · 17 views

CVE-2021-42079 SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. POC Step 1: Prepare the SSRF with a request like this: GET...

CVSS 6.2 · AI score 6.6 · EPSS 0.00574
Exploits 0 · References 4

OSV
added 2023/06/30 10:15 p.m. · 4 views

CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...

CVSS 6.7 · AI score 6.8 · EPSS 0.01304
Exploits 0 · References 1

OSV
added 2023/06/29 2:15 a.m. · 4 views

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 7.2 · AI score 6 · EPSS 0.00517
Exploits 0 · References 1

ATTACKERKB
added 2023/06/29 2:15 a.m. · 4 views

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 7.2 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 2

NVD
added 2023/06/29 2:15 a.m. · 29 views

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 7.2 · AI score 7 · EPSS 0.00517
Exploits 0 · References 1

Prion
added 2023/06/29 2:15 a.m. · 20 views

Design/Logic Flaw

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 5.8 · AI score 7.2 · EPSS 0.00517
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/29 12:0 a.m. · 9 views

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 6.5 · AI score 7.7 · EPSS 0.00517
Exploits 0 · References 1

Positive Technologies
added 2023/06/29 12:0 a.m. · 5 views

PT-2023-25845 · Veritas · Veritas Netbackup Appliance

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Appliance versions prior to 4.1.0.1 MR3 Description: The issue allows an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH due to insecure permissions. Recommendations:...

CVSS 7.2 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 3

OSV
added 2023/06/26 11:15 a.m. · 4 views

CVE-2023-29434

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00369
Exploits 0 · References 1

OSV
added 2023/06/26 8:15 a.m. · 4 views

CVE-2023-29423

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00369
Exploits 0 · References 1

OSV
added 2023/06/23 11:15 a.m. · 1 views

CVE-2023-28044

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

CVSS 6.7 · AI score 5.8 · EPSS 0.00168
Exploits 0 · References 1

OSV
added 2023/06/22 12:15 p.m. · 4 views

CVE-2023-27452

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00369
Exploits 0 · References 1

Vulnrichment
added 2023/06/22 11:51 a.m. · 5 views

CVE-2023-26534 WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00369
Exploits 0 · References 1