CVE-2023-45925

GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function xerrorhandler at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem an X operation silently fails...

CVE-2023-45925

CVE-2023-45925 affects GNU Midnight Commander 4.8.29-146-g299d9a2fb. The issue is a NULL pointer dereference in x_error_handler() (tty/x11conn.c). Impact described as a crash/usability problem; some sources explicitly dispute classification as a security vulnerability. Exploit details are not pro...

PT-2024-13307 · Gnu +1 · Midnight Commander +1

Name of the Vulnerable Software and Affected Versions: GNU Midnight Commander version 4.8.29-146-g299d9a2fb Description: A NULL pointer dereference was discovered via the function x error handler at tty/x11conn.c. This issue is disputed as it may be categorized as a usability problem, where an X...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Midnight Commander vulnerability (USN-5160-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5160-1 advisory. It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker...

CVE-2022-29887

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2022-29887

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

Cross site scripting

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2022-29887

Intel® Manageability Commander software is affected by CVE-2022-29887: a Cross-site Scripting (XSS) vulnerability in versions prior to 2.3 that may allow an unauthenticated attacker to escalate privileges via network access. The issue impacts Intel MC software and is exploitable over the network ...

CVE-2022-29887

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2022-29887

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

Intel Manageability Commander Cross-Site Scripting Vulnerability

Intel Manageability Commander is a lightweight console from Intel Corporation USA. for connecting to and using Intel Active Management Technology Intel AMT features. A security vulnerability exists in Intel Manageability Commander versions prior to 2.3. An attacker could exploit the vulnerability...

PT-2023-12990 · Intel · Intel Manageability Commander

Name of the Vulnerable Software and Affected Versions: IntelR Manageability Commander versions prior to 2.3 Description: The issue is related to Cross-site Scripting XSS that may allow an unauthenticated user to potentially enable escalation of privilege via network access. Recommendations: For...

Intel® Manageability Commander Software Advisory

Summary: A potential security vulenrability in some Intel® Manageability Commander Intel® MC software may allow escalation of privileges. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-29887 Description: Cross-site Scripting XS...

Amazon Linux 2 : mc (ALAS-2023-2147)

The version of mc installed on the remote host is prior to 4.8.29-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2147 advisory. An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is...

Medium: mc

Issue Overview: An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CVE-2021-36370 Affected...

CVE-2023-3325

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

CVE-2023-3325

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

Authorization

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

CVE-2023-3325 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

CVE-2023-3325

CVE-2023-3325 : The CMS Commander plugin for WordPress (versions ≤ 2.287) has an authorization bypass caused by a non-unique cryptographic signature on cmsc_add_site, enabling unauthenticated attackers to modify the _cmsc_public_key and gain access to the plugin’s remote-control capabilities (e.g...