PT-2024-15616 · Sourcecodester · Sourcecodester Best House Rental Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester House Rental Management System version 1.0 Description: A problematic issue has been found in the processing of the file index.php, where the manipulation of the page argument leads to cross site scripting. The attack can be...

CentOS 7 : thunderbird (RHSA-2023:4495)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4495 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document...

CentOS 7 : firefox (RHSA-2023:4461)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4461 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

Amazon Linux 2 : thunderbird (ALAS-2024-2379)

The version of thunderbird installed on the remote host is prior to 115.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2379 advisory. On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and...

LearnPress < 4.2.5.8 - Unauthenticated SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

CVE-2023-7160

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input alert0 leads to cross site...

TikTok: Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products

The "Search Product" function in the TikTok Shop Seller API contained a vulnerability that allowed access to inactive or suspended products by manipulating the "live" parameter in the API request. The vulnerability was reported to the team and remediated...

CentOS 7 : thunderbird (RHSA-2023:1401)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1401 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a...

CentOS 7 : firefox (RHSA-2023:7509)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7509 advisory. - On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images...

Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...

GHSA-6GGR-CWV4-G7QG Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...

QNAP VioStor NVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : QNAP Equipment : VioStor NVR Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

Improper access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function initkcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has...

setPosMode should not allow changing the mode when the new mode's canRepay status is disabled

Lines of code Vulnerability details Impact In the scenario where the mode's canRepay status is set to false, positions using that mode cannot be repaid and liquidated. However, users are allowed to change their position's mode to one where the canRepay status is currently set to false. This could...

CVE-2023-6864

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 115.6,...

EFACEC UC 500E

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : UC 500 Vulnerabilities : Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Contro...

TotalCloud Insights: Hidden Risks of Amazon S3 Misconfigurations

Misconfiguring Amazon S3 Buckets Can Pose Major Risks Amazon Web Services AWS is the world’s largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service S3 bucket. Amazon S3 is an object storage solution known...

K000137940: Multiple Oracle MySQL vulnerabilities

Security Advisory Description CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

PT-2023-32799 · Unknown · Phz76 Rtspserver

Name of the Vulnerable Software and Affected Versions: PHZ76 RtspServer version 1.0.0 Description: A critical issue was found in the ParseRequestLine function of the RtspMesaage.cpp file, leading to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclose...

DEBIAN-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...