[SECURITY] [DLA 3984-1] zabbix security update

Debian LTS Advisory DLA-3984-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost December 07, 2024 https://wiki.debian.org/LTS Package : zabbix Version : 1:5.0.45+dfsg-1+deb11u1 CVE ID : CVE-2024-36464 CVE-2024-42330 CVE-2024-42331 CVE-2024-42332 CVE-2024-42333 Debian...

Debian dla-3984 : zabbix-agent - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3984 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3984-1 [email protected]...

Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series

ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series Specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...

CVE-2023-32266

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management ALM,Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management ALM,Quality Center:...

CVE-2023-32266 Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management ALM,Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management ALM,Quality Center:...

CVE-2023-32266

CVE-2023-32266 concerns an Untrusted Search Path vulnerability in OpenText OpenText ALM/Quality Center. Reports indicate a code inclusion flaw that lets a user archive a malicious DLL on the system before installation, affecting ALM/Quality Center versions 15.00, 15.01 (including P1–P5), 15.51 (i...

CVE-2024-49251

CVE-2024-49251 corresponds to a Local File Inclusion in the WordPress plugin Maan Addons For Elementor (

PT-2024-33389 · Unknown · Anant Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Maan Addons For Elementor versions 1.0.1 and earlier Description: The issue involves improper control of the filename for include/require statements in PHP programs, also known as PHP Remote File Inclusion. This allows for Local Code Inclusio...

CVE-2024-8215

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVE-2024-8215

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVE-2024-8215 Payload Injection Attack via Management REST interface

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVE-2024-8215 Payload Injection Attack via Management REST interface

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVE-2024-8215

CVE-2024-8215 - Payara Server Admin Console XSS/Remote Code Inclusion : The vulnerability arises from improper neutralization of input during web page generation, enabling remote code inclusion. Affected are Payara Server releases: 5.20.0 up to but not including 5.68.0; 6.0.0 up to but not includ...

Payara Server 安全漏洞

Payara Server is a cloud-native, innovative, open source middleware platform from Payara UK. A security vulnerability exists in Payara Server that stems from improper input neutralization during web page generation and a cross-site scripting vulnerability that allows remote code inclusion...

CVE-2024-6298

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely...

CVE-2024-6298 remote code execution

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely...

CVE-2024-6298

CVE-2024-6298 affects ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series up to firmware 3.08.01. The root cause is improper input validation in the uploadFile() handler (bigUpload.php), enabling directory traversal and remote code execution by writing arbitrary files. Exploitation has been de...

CVE-2024-5683

Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Manangement BPM allows Remote Code Inclusion. This issue affects Business Process Manangement BPM: from 6.6.4.4 before 6.6.4.5...

CVE-2024-5683

Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Manangement BPM allows Remote Code Inclusion. This issue affects Business Process Manangement BPM: from 6.6.4.4 before 6.6.4.5...

CVE-2024-5683

CVE-2024-5683 is an improper control of generation of code vulnerability in Next4Biz BPM software. Multiple connected records confirm the issue affects Next4Biz BPM/CRM with vulnerable versions: 6.6.4.4 prior to 6.6.4.5, indicating a flaw in code generation controls that can lead to remote code e...