6841 matches found
CVE-2023-0351
The CVE-2023-0351 issue affects Akuvox E11 (all versions) where the web server backend library allows command injection in the device’s phone-book contacts functionality, enabling an attacker to upload files with executable command instructions. Public sources cite a high-severity CVSSv3.1 base s...
CVE-2023-27010
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...
Wondershare Dr.Fone Security Vulnerability
Wondershare Dr.Fone is a mobile device toolkit from the Chinese company Wondershare Technology. The software provides applications, data transfer, contacts, messages and other auxiliary functions for the device. A security vulnerability exists in Wondershare Dr.Fone v12.9.6. An attacker...
Akuvox E11 Command Injection Vulnerability
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. The Akuvox E11 suffers from a command injection vulnerability that stems from a web server backend library that allows command injection in the device's phonebook contact feature. This could allow an...
Debian: Security Advisory (DLA-150-1)
The remote host is missing an update for the Debian...
PT-2023-21277 · L Soft · Listserv
Name of the Vulnerable Software and Affected Versions: L-Soft LISTSERV versions 16.5 through 16.5 Description: The issue allows an attacker to conduct XSS attacks via a crafted URL, specifically exploiting the REPORT parameter in wa.exe. Recommendations: For versions 16.5, update to version 17 or...
The vulnerability of the Apex One NT RealTime Scan service (ntrtscan.exe), an antivirus software solution provided by Trend Micro’s Apex One, exposes the system to potential threats. This vulnerability allows attackers to gain increased privileges.
The vulnerability in the Apex One NT RealTime Scan (ntrtscan.exe) component of Trend Micro’s Apex One and Apex One as a Service antivirus programs is related to improper link resolution before file access. Exploiting this vulnerability can allow attackers to increase their...
PT-2023-8667 · Unknown · Hgiga Oaklouds
Name of the Vulnerable Software and Affected Versions: HGiga OAKlouds affected versions not specified Description: The HGiga OAKlouds file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to upload and run...
Debian dla-3343 : ca-certificates-mono - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3343 advisory. Debian LTS Advisory DLA-3343-1 https://www.debian.org/lts/security/...
DEBIAN-CVE-2023-26314
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter...
CVE-2023-26314
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter...
PT-2023-20606
Name of the Vulnerable Software and Affected Versions: mono versions prior to 6.8.0.105+dfsg-3.3 Description: The issue allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. Recommendations: For versions prior t...
K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018
Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182
Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K17156: PHP vulnerability CVE-2014-5298
Security Advisory Description FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains...
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-13090)
Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, and integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application parsing specially crafted SPP files that contain out-of-bounds write...
Siemens Solid Edge Uninitialized Pointer Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from an uninitialized pointer vulnerability that can be exploited by an attacker to execute...
Atrocore 1.5.25 Shell Upload Exploit
Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...
SUSE CVE-2002-0389
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives...