143 matches found
PT-2023-26053 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. This enables...
PT-2023-28009 · Unknown · Esst Monitoring
Name of the Vulnerable Software and Affected Versions: eSST Monitoring version 2.147.1 Description: A lack of input sanitizing in the file download feature allows attackers to execute a path traversal. Recommendations: For eSST Monitoring version 2.147.1, consider disabling the file download...
CVE-2023-45757
Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...
CVE-2023-45757 Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability
Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...
CVE-2023-45757
CVE-2023-45757 affects Apache bRPC 1.6.0 (e.g., 1.6.1), (2) apply the patch from PR #2411 if upgrading is difficult, or (3) disable the rpcz feature. If exploitation details or in-the-wild data are not present in the provided documents, those specifics are not stated here.
CVE-2023-41306
Vulnerability of mutex management in the bone voice ID trusted application TA module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable...
PT-2023-19047 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 20.1 Description: A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality. This can be triggered by a specially crafted file, potentially leading to arbitrary code execution. An...
PT-2023-27151
Name of the Vulnerable Software and Affected Versions Routinator versions 0.9.0 through 0.12.1 Description The issue concerns a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature of Routinator. This feature allows users to store the content of...
PT-2023-23666 · Roundcube · Roundcube Password Recovery Plugin
Name of the Vulnerable Software and Affected Versions: Password Recovery plugin for Roundcube version 1.2 Description: The issue concerns the password recovery mechanism, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. Since the platfor...
PT-2023-27619 · Phpjabbers · Phpjabbers Car Rental Script
Name of the Vulnerable Software and Affected Versions: PHPJabbers Car Rental Script version 3.0 Description: The issue allows remote attackers to take over accounts due to a lack of verification when changing an email address and/or password on the Profile Page. Recommendations: For PHPJabbers Ca...
Cloud ADM || How to Disable Auto-License in Cloud ADM
Navigate toCloud based ADM Account - subscriptions- auto licenses , ensure if it is disabled, else disable it and rediscover ADC instances to get the auto licenses turn off...
PT-2023-25743 · Unknown · Phpgurukul Online Security Guards Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload to the "search booking box" API endpoint. This is a Cross-Site Scripting XSS issue, which mean...
PT-2023-23220 · Diagon · Diagon
Name of the Vulnerable Software and Affected Versions: Diagon version 1.0.139 Description: An issue exists in the GraphPlanar::Write functionality of Diagon. A specially crafted input, such as a markdown file or a network request, can lead to memory corruption or a heap buffer overflow. This can ...
PT-2023-24244 · WordPress · Cms Commander
Name of the Vulnerable Software and Affected Versions: CMS Commander plugin for WordPress versions up to, and including, 2.287 Description: The issue is related to an authorization bypass vulnerability due to the use of an insufficiently unique cryptographic signature on the cmsc add site functio...
PT-2023-4525 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: The issue is related to the fs.openAsBlob method in Node.js, which can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag. This flaw arises from a...
PT-2023-23732 · Zhong Bang · Zhong Bang Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB versions up to 4.6.0 Description: A critical issue has been found, affecting the get image base64 function of the file api/controller/v1/PublicController.php. This leads to server-side request forgery and can be launched...
PT-2023-23379 · Unknown · Ckeditor Plugin For Redmine
Name of the Vulnerable Software and Affected Versions: CKEditor plugin for Redmine version 1.2.3 Description: A vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor plugin for Redmine, allowing arbitrary files to be uploaded to the server. This issue affects the...
PT-2023-22807 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue affects the Attachment Image Handler component, specifically the file btn functions.php, leading to unrestricted upload. The attack can be initiated remotel...
PT-2023-24460 · Microworld Technologies · Escan
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan management console version 14.0.1400.2281 Description: The issue concerns a Reflected Cross Site Scripting XSS in the view dashboard detail feature, allowing a remote attacker to inject arbitrary code via the URL...
PT-2023-23308
Name of the Vulnerable Software and Affected Versions Kibana version 8.7.0 Description The issue is an arbitrary code execution flaw. An attacker with all privileges to the Uptime/Synthetics feature could send a request to execute JavaScript code, potentially leading to the execution of arbitrary...