1306 matches found
CVE-2024-23643
GeoServer contains a stored XSS vulnerability (CVE-2024-23643) in the GWC Seed Form. An authenticated administrator with workspace-level privileges can store a JavaScript payload in the GeoServer catalog, which then executes in another administrator’s browser when the GWC Seed Form is viewed. Affe...
PT-2024-14126 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1
Description: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the "REST Coverage Store API" to upload...
CVE-2024-1882
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
Remote code execution
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
CVE-2024-1654
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
CVE-2024-1882 Server-side resource injection in PaperCut NG/MF
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
CVE-2024-1654 Unauthorized write operations in PaperCut NG/MF
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
PT-2024-18389 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF, affected versions not specified
Description: This issue allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the application. The...
CVE-2024-2433
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interfa...
CVE-2023-32969
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
CVE-2024-22188
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
Command injection
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
PT-2024-19263 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 8.7.0 through 8.7.56 ELTS; TYPO3 versions 9.5.0 through 9.5.45 ELTS; TYPO3 versions 10.4.0 through 10.4.42 ELTS; TYPO3 versions 11.5.0 through 11.5.34 LTS; TYPO3 versions 12.4.0 through 12.4.10 LTS; TYPO3 versions prior to 13.0.1...
PT-2024-15733 · WordPress · Advanced Database Cleaner
Name of the Vulnerable Software and Affected Versions: Advanced Database Cleaner plugin for WordPress versions up to, and including, 3.1.3
Description: The issue allows an authenticated attacker with administrator access and above to inject a PHP Object via deserialization of untrusted input in t...
CVE-2023-41292 QTS, QuTS hero, QuTScloud
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
QNAP Multiple Product Security Vulnerabilities
QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems. QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system. QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system....
PT-2024-1638 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.3.2578 build 20231110; QuTS hero versions prior to h5.1.3.2578 build 20231110; QuTScloud versions prior to c5.1.5.2651
Description: A buffer copy without checking the size of input vulnerability has been reported to...
WordPress plugin Product Enquiry for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...