CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

PT-2023-24016 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A command injection issue was identified in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially...

Undesired Behavior

Overview Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at buildtime. That executable spawns OS processes and performs network requests, including transferring a...

CVE-2023-37490

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the...

CVE-2023-37490

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the...

CVE-2023-36923

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...

CVE-2023-37490

The CVE-2023-37490 entry concerns SAP Business Objects Installer (versions 420, 430). A network-authenticated attacker can overwrite an executable file created in a temporary directory during installation and replace it with a malicious file, enabling a full compromise of confidentiality, integri...

Rocky Linux 8 : thunderbird (RLSA-2023:4497)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4497 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document fil...

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

Code Injection

net.bramp.ffmpeg:ffmpeg is vulnerable to Code Injection. An FFmpeg object can be created using the constructor in FFmpeg.java, but it does not validate the ffmpeg executable path, which allow an attacker to execute malicious code on the system...

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=8.0.0 <=8.6.7)

@pnpm/macos-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

Debian DSA-5463-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5463 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fa...

CVE-2023-33742

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe...

Improper Filename Validation

Thunderbird is vulnerable to Improper Filename Validation. the vulnerability is due to a lack of preventing text direction override unicode characters in filename attachments. This can allow an attacker to attach an executable file, without the extension displayed as such...

TeleAdapt RoomCast TA-2400 安全漏洞

The TeleAdapt RoomCast TA-2400 is an all-in-one, self-contained, top-quality content streaming box for guest rooms from TeleAdapt UK. A security vulnerability exists in TeleAdapt RoomCast TA-2400 versions 1.0 through 3.1, which stems from the use of plaintext storage for the RSA private key in...

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVE-2023-35067

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...

Design/Logic Flaw

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701...