PT-2022-24053 · Ftcms · Ftcms
Name of the Vulnerable Software and Affected Versions: ftcms version 2.1 Description: The issue allows an attacker to insert malicious JavaScript code into the web page, so that a user or administrator triggers the malicious code when accessing it. This is the result of an XSS vulnerability in the...
PT-2022-23861 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The application manage website.php is vulnerable to Shell File Upload. An already authenticated malicious user can upload a dangerous Remote Code Execution (RCE) or Local Code Execution (LCE)...
PT-2022-21083 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 6.0.2 Description: The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability in the Update Branding Settings component. Recommendations: For Snipe-IT version...
PT-2022-20990 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.2.8 Description: The issue is related to an arbitrary file upload vulnerability. This means that an attacker could potentially upload malicious files to the system, which could lead to various security problems. Recommendations...
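The three file-upload entries above (Garage Management System, Snipe-IT, MCMS) share one root cause: the server trusts the client-supplied file name and content. The check below is an added example, not code from any of those products, showing the deny-by-default validation a practitioner would want in front of any upload handler. The extension allowlist, the magic-byte table and the sample inputs are constructed for the example; `validate_upload` and `upload_allowed` are hypothetical names.

```python
import secrets

# Added example, not code from any product listed above. Extensions the server
# will accept, mapped to the magic bytes their content must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Server-side script extensions that must not appear anywhere in the name, so
# that "shell.php.png" is rejected even though its final extension is allowed.
SCRIPT_EXTENSIONS = {"php", "php5", "phtml", "phar", "jsp", "asp", "aspx", "cgi", "sh"}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says why."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a safe storage name for the upload, or raise UploadRejected.

    The client-supplied name is used only to decide the extension; the file
    is stored under a random name so no attacker-chosen path reaches disk.
    """
    # 1. Drop any directory component the client sent ("../", "C:\\", ...).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or base in (".", "..") or "\x00" in base or base.startswith("."):
        raise UploadRejected("empty, hidden or traversal file name")

    # 2. Every dotted segment after the first is checked against the script list.
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("no extension")
    if any(p in SCRIPT_EXTENSIONS for p in parts[1:]):
        raise UploadRejected("server-side script extension in name")

    # 3. The final extension must be on the allowlist (deny by default).
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")

    # 4. The content must look like the type the extension claims.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")

    # 5. Reject polyglots: a valid image that also carries a PHP open tag.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("script marker inside file")

    # 6. Store under a random name that keeps only the validated extension.
    return f"{secrets.token_hex(16)}.{ext}"


def upload_allowed(client_name: str, data: bytes) -> bool:
    """True if validate_upload would accept the file, False otherwise."""
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign PNG and three classic bypass attempts.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("photo.png", png),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("shell.php.png", png),
        ("../../var/www/html/x.png", png + b"<?php echo 1; ?>"),
    ]
    for name, blob in samples:
        verdict = "accepted" if upload_allowed(name, blob) else "rejected"
        print(f"{name:30} -> {verdict}")
```

The random storage name is the part most handlers skip: even with a perfect allowlist, keeping the client's name lets an attacker pick where the file lands and what the web server will call it.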
PT-2022-20452 · Vapor · Vapor
Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.60.3 Description: Vapor is an HTTP web framework for Swift. Users with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. This issue can be triggered by invalid...
PT-2021-21147 · Libfetch +2 · Libfetch +2
Name of the Vulnerable Software and Affected Versions: libfetch versions prior to 2021-07-26 Description: The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol t...
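The libfetch entry is about parsing the numbers in an FTP passive-mode reply. The hazard with lenient converters such as strtol is that they skip leading whitespace, accept a sign, and keep scanning until a non-digit, so a short or unterminated buffer is read past its end and a malformed field silently becomes a value. The parser below is an added example in Python, not libfetch's own code, showing the strict alternative: every field is checked for digits-only syntax, width and range before use, and nothing past the first line is ever examined. The sample replies are constructed; `parse_pasv_reply` and `pasv_reply_ok` are hypothetical names.

```python
import re

# Added example, not libfetch's code. Six decimal fields of at most three
# digits each, separated by single commas; bytes pattern, so ASCII digits only.
_PASV_FIELDS = re.compile(
    rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)
MAX_REPLY_LEN = 512  # RFC 959 reply lines are short; longer is treated as hostile


def parse_pasv_reply(reply: bytes) -> tuple[str, int]:
    """Return (host, port) from a 227 reply, or raise ValueError.

    Only the first CRLF-terminated line is inspected, so the parser never
    walks past the reply into whatever follows it in the buffer.
    """
    line = reply.split(b"\r\n", 1)[0]
    if len(line) > MAX_REPLY_LEN:
        raise ValueError("reply line too long")
    if not line.startswith(b"227 "):
        raise ValueError("not a 227 reply")

    # Servers may or may not wrap the address in parentheses; search for the
    # six-field group rather than assuming a fixed layout.
    m = _PASV_FIELDS.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 group in reply")

    # The pattern already rejected signs, whitespace, hex prefixes and more
    # than three digits; the range check finishes the job (e.g. 999).
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {m.group(0)!r}")

    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("data port 0")
    return host, port


def pasv_reply_ok(reply: bytes) -> bool:
    """True if the reply parses under the strict rules above."""
    try:
        parse_pasv_reply(reply)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed replies: one well-formed, the rest malformed in ways a
    # strtol-based parser would accept or mis-handle.
    for r in (
        b"227 Entering Passive Mode (192,168,1,10,195,80).\r\n",
        b"227 Entering Passive Mode (192,168,1,10,195)\r\n",
        b"227 (192,168,1,999,1,1)\r\n",
        b"227 (192,168,1,10,-1,1)\r\n",
    ):
        try:
            print(r, "->", parse_pasv_reply(r))
        except ValueError as e:
            print(r, "-> rejected:", e)
```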
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-14538 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax ftp...
Disable Risky Windows Features: Hardentools
Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now) and primary consumer applications. These features, commonly intended for Enterprise customers, are generally useless to regular users and rather pose ...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the apikeylabel...
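The Omeka entry describes the classic CSRF shape: a logged-in administrator's browser is made to POST to admin/users/add from an attacker's page, and the server accepts it because the session cookie alone authenticates the request. The handler below is an added example, not Omeka's code, showing the two checks that stop this: a per-session token the attacker's page cannot read, and an Origin/Referer comparison as defence in depth. The session and user dicts, the site origin `https://omeka.example` and the function names are assumptions made for the example.

```python
import hmac
import secrets

# Added example, not Omeka's code. The session dict stands in for whatever
# server-side session store the application uses.


def issue_csrf_token(session: dict) -> str:
    """Create the per-session CSRF secret on first use and return it for forms."""
    if "csrf_secret" not in session:
        session["csrf_secret"] = secrets.token_hex(32)
    return session["csrf_secret"]


def csrf_check(session: dict, form: dict, headers: dict, site_origin: str) -> bool:
    """Return True only if this request was deliberately sent by the logged-in user.

    Check 1: the form must carry the session's token. A cross-site page can
    make the browser send the cookie, but cannot read the token to include it.
    Check 2: if the browser sent Origin (or Referer), it must name this site.
    """
    expected = session.get("csrf_secret", "")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False

    origin = headers.get("Origin")
    if origin is None and "Referer" in headers:
        # Reduce "https://host/path" to "https://host" for comparison.
        origin = "/".join(headers["Referer"].split("/", 3)[:3])
    if origin is not None and origin != site_origin:
        return False
    return True


def handle_admin_add_user(session: dict, form: dict, headers: dict, users: dict,
                          site_origin: str = "https://omeka.example") -> str:
    """Hypothetical handler for a POST to admin/users/add, protected by csrf_check."""
    if not session.get("is_super_user"):
        return "403 not an administrator"
    if not csrf_check(session, form, headers, site_origin):
        return "403 request rejected as cross-site"
    username = form.get("username", "").strip()
    if not username or username in users:
        return "400 bad or duplicate username"
    users[username] = {"role": form.get("role", "researcher")}
    return "200 user added"


if __name__ == "__main__":
    # Constructed scenario: an admin session, one legitimate form post, and the
    # same request as a browser would send it from an attacker's page.
    session = {"is_super_user": True}
    users = {}
    token = issue_csrf_token(session)
    legit = {"csrf_token": token, "username": "alice", "role": "super"}
    forged = {"username": "mallory", "role": "super"}  # attacker cannot know token
    print(handle_admin_add_user(session, legit, {"Origin": "https://omeka.example"}, users))
    print(handle_admin_add_user(session, forged, {"Origin": "https://evil.example"}, users))
    print(sorted(users))
```

The token check is what matters; the Origin check is cheap insurance for the case where a token leaks through some other bug. Note that an absent Origin header is tolerated (older clients, some same-origin navigations), which is why the token is mandatory rather than the other way round.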
PT-2014-2179 · D Link · D-Link Dir-601 Wireless N150 Home Router
Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 Wireless N150 Home Router version 1.02NA Description: A directory traversal issue in the TFTP server of the affected router allows remote attackers to read arbitrary files. The exact vectors used for exploitation are not...
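The D-Link entry is a directory traversal in a TFTP server: the file name in the read request is joined to the served directory without checking that the result still lies inside it. The check below is an added example, not the router's firmware code, showing the confinement test a server should apply to every client-supplied name. The serve root `/srv/tftp` and the function names are assumptions made for the example; the general form (resolve, then compare against the resolved root) also catches symlinks that point outside the root, which a plain string check on `../` would miss.

```python
import os

# Added example, not the router's TFTP server code. The serve root is an assumption.
TFTP_ROOT = "/srv/tftp"


def resolve_tftp_path(requested: str, root: str = TFTP_ROOT) -> str:
    """Map a client-supplied TFTP file name onto the served directory.

    Raises PermissionError for anything that would leave `root` after
    normalisation: "../" sequences, absolute paths, the root itself, and
    symlinks resolving outside the root.
    """
    # TFTP file names are NUL-terminated on the wire; an embedded NUL means the
    # name the server checks and the name it opens could differ.
    if "\x00" in requested or "\\" in requested:
        raise PermissionError("NUL or backslash in file name")
    if not requested or requested.startswith("/"):
        raise PermissionError("absolute or empty file name")

    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))

    # commonpath compares whole components, so /srv/tftp2/x is not mistaken
    # for a child of /srv/tftp the way a startswith() check would allow.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"{requested!r} resolves outside {root_real}")
    if candidate == root_real:
        raise PermissionError("directory itself requested")
    return candidate


def tftp_read_allowed(requested: str, root: str = TFTP_ROOT) -> bool:
    """True if resolve_tftp_path would serve the name, False otherwise."""
    try:
        resolve_tftp_path(requested, root)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest traversal attempts.
    for name in ("firmware.bin", "images/../firmware.bin",
                 "../../etc/passwd", "/etc/passwd", "../tftp2/x"):
        try:
            print(f"{name:24} -> {resolve_tftp_path(name)}")
        except PermissionError as e:
            print(f"{name:24} -> denied: {e}")
```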
Microsoft Internet Explorer does not safely handle multiple file download requests
Overview: A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description: When Internet Explorer (IE) follows a link to an executable file (.exe), a dialog window is displayed that...