CVE-2023-3381

A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site...

Online School Fees System 跨站脚本漏洞

Online School Fees System is an online school fees system by Lewa Personal Developer. A cross-site scripting vulnerability exists in Online School Fees System version 1.0, which stems from a problem in the file /paysystem/datatable.php, where incorrect manipulation of the parameter doj can lead t...

PT-2023-24505 · Sourcecodester · Sourcecodester Online School Fees System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online School Fees System version 1.0 Description: A problematic vulnerability was found in the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the doj argument leads to cross-site...

Privilege Escalation

.NET and .NET Framework are vulnerable to Privilege Escalation. The vulnerability exists when deserializing a DataSet or DataTable from XML, possibly resulting in privilege escalation...

GHSA-JX7Q-XXMW-44VF .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-24936: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update the...

dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML

A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML...

dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML

A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML...

Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2023:3581 Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The...

RHEL 9 : .NET 6.0 (RHSA-2023:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3581 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 6.0.18,...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 6.0.18, 7.0.7 or...

.NET Core Multiple Vulnerabilities - Windows

.NET Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 6.0.18, 7.0.7 or...

SharePoint DataSet / DataTable Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint DataSet / DataTable Deserialization', 'Description' = %q A remotely exploitable vulnerability exists within SharePoint that can be...

Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4566467)

Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4566467 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...

July 14, 2020-KB4566516 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 and Windows Server 2019

July 14, 2020-KB4566516 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 and Windows Server 2019 Release Date: July 14, 2020 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary A remote code execution vulnerability exists in .NET Framework when the software fails...

newtonnissansouth.com XSS vulnerability

Open Bug Bounty ID: OBB-560199 Description| Value ---|--- Affected Website:| newtonnissansouth.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosu...

Piwik core/Loader.php Trojaned Distribution

The version of Piwik installed on the remote web server contains a trojaned backdoor, and allows the execution of arbitrary PHP code subject to the privileges under which the web server operates. It is likely to have been installed from a copy of the file 'latest.zip' downloaded from the project'...