CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...

CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...

Design/Logic Flaw

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...

CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...

PT-2023-28880 · Croc · Croc

Name of the Vulnerable Software and Affected Versions: Croc versions through 9.6.5 Description: An issue was discovered in Croc where a sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized keys file. Recommendations: For Croc versions through 9.6.5,...

CVE-2023-42523

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...

Topaz Labs OFD Code Issue Vulnerability

Topaz Labs OFD is an application from Topaz Labs, Inc. A code issue vulnerability exists in Topaz Labs OFD version 2.11.0.201, which stems from an unknown section of the C:Program FilesTopaz OFDWarsawcore.exe file in the component Protection Module Warsaw, resulting in an unquoted search path...

NextBX QWAlerter Code Issue Vulnerability

NextBX QWAlerter is an application from NextBX Corporation. A code issue vulnerability exists in NextBX QWAlerter version 4.50, which stems from the presence of some unknown functions in QWAlerter.exe that result in unquoted search paths...

The vulnerability of the IGSSupdateservice.exe executable of the interactive graphical SCADA system, which allows a intruder to execute arbitrary code.

The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System IGSS update service is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading the malicious update file...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:3559-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3559-1 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion a...

CVE-2023-4581

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Oracle Linux 6 : glibc (ELSA-2011-1526)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1526 advisory. - Report write error in addmnt even for cached streams 688980, CVE-2011-1089 Tenable has extracted the preceding description block directly from the...

PT-2023-25852 · Atera · Atera

Name of the Vulnerable Software and Affected Versions: Atera affected versions not specified Description: The issue arises from the C:WindowsTempAgent.Package.AvailabilityAgent.Package.Availability.exe file being automatically launched as SYSTEM when the system reboots. Since the...

CVE-2023-32162

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on...

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...