CVE-2022-42427
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...
CVE-2023-27253
A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...
jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
PT-2023-4074 · 3S Smart Software Solutions · Codesys
Name of the Vulnerable Software and Affected Versions: CODESYS affected versions not specified Description: The issue is related to insufficient input validation in CODESYS products, which can be exploited by an authenticated remote attacker to cause a denial-of-service condition by sending a...
SUSE CVE-2017-11368
In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...
SUSE CVE-2021-3514
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
VulnCheck KEV: CVE-2023-21715
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system...
Design/Logic Flaw
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. An authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...
Remote Code Execution in "Import Settings" feature
Description Due to Improper data validation in "Import Settings" feature, an authenticated attacker can send crafted settings with malicious payload inside "system.croncmdline" value. Step to reproduce Requirement: PHP code must be executed on attacker machine - Step 1: Attacker run web server an...
CVE-2023-23937 Missing file upload type validation in pimcore/pimcore
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
PT-2023-1327 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) affected versions not specified Description: The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands. These vulnerabilities could allow an authenticated,...
EdgeNexus ADC operating system command injection vulnerability
EdgeNexus ADC is a powerful and easy-to-use load balancer from EdgeNexus. An operating system command injection vulnerability exists in EdgeNexus ADC version 4.2.8, which stems from the presence of a command injection vulnerability that allows an authenticated attacker to execute arbitrary comman...
CVE-2022-37718
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an...
Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyaml is vulnerable to a denial of service, caused by missing to nested depth limitatio...
PT-2023-1416 · Zyxel · Zyxel Nr7101
Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0 Description: The issue is caused by a buffer overflow vulnerability in the parameter of the CGI program. This could allow an authenticated attacker to cause denial-of-service (DoS) condition...
CVE-2022-43532
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script...
TP-LINK TL-WR740N security vulnerability
The TP-LINK TL-WR740N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR740N V1 and V2 firmware v3.12.4 and earlier versions, which originates from the ability of an authenticated attacker to achieve arbitrary code execution or denial of service by...
PT-2022-27871 · Tp Link · Tp-Link Tl-Wr740N
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR740N V1 and V2 versions 3.12.4 and earlier Description: The issue allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process...
CVE-2022-43660
The CVE-2022-43660 issue is an SSI (Server-Side Includes) handling vulnerability in Movable Type and related products. A remote authenticated attacker with the privilege “Manage of Content Types” could execute arbitrary Perl scripts or arbitrary OS commands via a crafted web page. Affected are Mo...