4651 matches found
CVE-2023-31162 Improper Input Validation in Web Interface
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more...
DEBIAN-CVE-2023-32076
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
Design/Logic Flaw
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
CVE-2023-32076
Summary of CVE-2023-32076 (in-toto): The vulnerability affects in-toto up to version 1.4.0, where the framework reads configuration from XDG directories and includes the hidden file .in_totorc. If an attacker controls inputs to a supply chain step, they can inject a crafted .in_totorc with exclu...
PT-2023-23197 · Schweitzer Engineering Laboratories · Sel Rtac
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC (affected versions not specified). Description: An Improper Input Validation issue in the SEL RTAC Web Interface could allow a remote authenticated attacker to alter th...
SQL injection
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++ framework, so only C++ applications...
CVE-2023-31038
Summary (CVE-2023-31038): SQL injection in the Log4cxx ODBC appender allows injecting SQL into a database because input fields were not escaped in older releases. The vulnerability affected builds where ODBC support was present, the ODBCAppender was enabled, and user input was logged. It has been...
CVE-2023-31038 Apache Log4cxx: SQL injection when using ODBC appender
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++ framework, so only C++ applications...
CVE-2022-43877 IBM UrbanCode Deploy (UCD) information disclosure
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148...
AppDomain Manager Injection: New Techniques For Red Teams
AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft .NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET assembly,...
Firejail: Local Privilege Escalation
Background: A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description: Firejail does not sufficiently validate the user's environment prior to using it as the root user when using th...
SUSE CVE-2023-1633
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-22917
A buffer overflow vulnerability in the “sdwanifaceipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50W firmware versions 5.10 through 5.32, USG20W-VPN firmware versions 5.10 through 5.32, and VPN series firmware...
Buffer overflow
A buffer overflow vulnerability in the “sdwanifaceipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50W firmware versions 5.10 through 5.32, USG20W-VPN firmware versions 5.10 through 5.32, and VPN series firmware...
CVE-2023-1731
In Meinberg's LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands...
CVE-2023-1731 Improper Input Validation in Meinberg LTOS
In Meinberg's LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands...
barbican security vulnerability
barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from the barbican configuration file being set to globally readable in Red Hat OpenStack, which poses a security risk because it allows an attacker with limited access to the file t...
GHSA-3JXW-CV35-2MMV Apache DolphinScheduler's python gateway suffered from improper authentication
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...
CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...