Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilterCriteria method. The issue results from the...
Progress Software WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSqlWhereClause method. The issue results from the...
PT-2024-17334 · WordPress · PowerBI Embed Reports
Name of the Vulnerable Software and Affected Versions: PowerBI Embed Reports plugin for WordPress versions up to, and including, 1.1.7. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'MO API POWER BI' shortcode due to insufficient input sanitization and output...
CVE-2024-11949
CVE-2024-11949 : GFI Archiver Store Service deserializes untrusted data due to insufficient input validation, enabling remote code execution. The flaw resides in the Store Service (default port 8018) and can be triggered remotely with authentication, potentially executing code as SYSTEM. Exploita...
CVE-2024-11949 GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2024-11947 GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists withi...
CVE-2024-11947
The CVE-2024-11947 entry describes a deserialization flaw in GFI Archiver’s Core Service (default port 8017) that allows remote code execution. The root cause is improper validation of user-supplied data, enabling an attacker to run arbitrary code in the SYSTEM context after authenticating. Multi...
Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the MonitoringMiddleTier service, which listens on TCP port 8071 by...
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack o...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVStgOfflineOpns service. The issue results from the lack of proper...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVMonitoring service. The issue results from the lack of proper...
PT-2024-17360 · GFI · GFI Archiver
Name of the Vulnerable Software and Affected Versions: GFI Archiver, affected versions not specified. Description: The issue is a remote code execution vulnerability due to the deserialization of untrusted data in the GFI Archiver Store Service. This allows remote attackers to execute arbitrary cod...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVExchangeWebServicesProxy service. The issue results from the lack o...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVFileSvrArcMngr service. The issue results from the lack of proper...
PT-2024-17359 · GFI · GFI Archiver
Name of the Vulnerable Software and Affected Versions: GFI Archiver, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this issue. The specific flaw exists withi...
SUSE CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...