CVE-2023-45757
CVE-2023-45757 affects Apache bRPC 1.6.0. Remediation options are to (1) upgrade to 1.6.1, (2) apply the patch from PR #2411 if upgrading is difficult, or (3) disable the rpcz feature.
CVE-2023-45757 Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability
Security vulnerability in Apache bRPC 1.6.0. Download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. Disable the rpcz feature...
CVE-2023-41306
Vulnerability of mutex management in the bone voice ID trusted application TA module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable...
PT-2023-19047 · Accusoft · Accusoft ImageGear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 20.1 Description: A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality. This can be triggered by a specially crafted file, potentially leading to arbitrary code execution. An...
PT-2023-27151
Name of the Vulnerable Software and Affected Versions Routinator versions 0.9.0 through 0.12.1 Description The issue concerns a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature of Routinator. This feature allows users to store the content of...
PT-2023-23666 · Roundcube · Roundcube Password Recovery Plugin
Name of the Vulnerable Software and Affected Versions: Password Recovery plugin for Roundcube version 1.2 Description: The issue concerns the password recovery mechanism, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. Since the platfor...
PT-2023-27619 · PHPJabbers · PHPJabbers Car Rental Script
Name of the Vulnerable Software and Affected Versions: PHPJabbers Car Rental Script version 3.0 Description: The issue allows remote attackers to take over accounts due to a lack of verification when changing an email address and/or password on the Profile Page. Recommendations: For PHPJabbers Ca...
Cloud ADM || How to Disable Auto-License in Cloud ADM
Navigate to Cloud-based ADM Account > Subscriptions > Auto Licenses, check whether auto-licensing is disabled; if it is not, disable it and rediscover the ADC instances so that auto-licensing is turned off...
PT-2023-25743 · Unknown · PHPGurukul Online Security Guards Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload to the "search booking box" API endpoint. This is a Cross-Site Scripting (XSS) issue, which mean...
PT-2023-23220 · Diagon · Diagon
Name of the Vulnerable Software and Affected Versions: Diagon version 1.0.139 Description: An issue exists in the GraphPlanar::Write functionality of Diagon. A specially crafted input, such as a markdown file or a network request, can lead to memory corruption or a heap buffer overflow. This can ...
PT-2023-24244 · WordPress · CMS Commander
Name of the Vulnerable Software and Affected Versions: CMS Commander plugin for WordPress versions up to, and including, 2.287 Description: The issue is related to an authorization bypass vulnerability due to the use of an insufficiently unique cryptographic signature on the cmsc add site functio...
PT-2023-4525 · Node.js · Node.js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: The issue is related to the fs.openAsBlob method in Node.js, which can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag. This flaw arises from a...
PT-2023-23732 · Zhong Bang · Zhong Bang CRMEB
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB versions up to 4.6.0 Description: A critical issue has been found, affecting the get image base64 function of the file api/controller/v1/PublicController.php. This leads to server-side request forgery and can be launched...
PT-2023-23379 · Unknown · CKEditor Plugin For Redmine
Name of the Vulnerable Software and Affected Versions: CKEditor plugin for Redmine version 1.2.3 Description: A vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor plugin for Redmine, allowing arbitrary files to be uploaded to the server. This issue affects the...
PT-2023-22807 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue affects the Attachment Image Handler component, specifically the file btn functions.php, leading to unrestricted upload. The attack can be initiated remotel...
PT-2023-24460 · MicroWorld Technologies · eScan
Name of the Vulnerable Software and Affected Versions: MicroWorld Technologies eScan management console version 14.0.1400.2281 Description: The issue concerns a Reflected Cross-Site Scripting (XSS) flaw in the view dashboard detail feature, allowing a remote attacker to inject arbitrary code via the URL...
PT-2023-23308
Name of the Vulnerable Software and Affected Versions Kibana version 8.7.0 Description The issue is an arbitrary code execution flaw. An attacker with all privileges to the Uptime/Synthetics feature could send a request to execute JavaScript code, potentially leading to the execution of arbitrary...
PT-2023-21989 · Unknown · Concrete CMS
Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions prior to 9.1 Description: The issue concerns stored XSS in the RSS Displayer via the href attribute. This occurs because the link element input was not sanitized, allowing for potential exploitation...
PT-2023-17171 · Sourcecodester · Earnings/Expense Tracker App
Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0 Description: A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save expense" endpoint. The manipulatio...
SUSE CVE-2022-24812
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...