CVE-2023-3797

CVE-2023-3797 affects Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. The vulnerability is in /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx, where manipulating the Filedata parameter enables unrestricted file upload. Ex...

Ubuntu: Security Advisory (USN-6237-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

Design/Logic Flaw

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

CVE-2020-36695

CVE-2020-36695 is a File/Directory Permissions vulnerability in Hitachi Command Suite components on Linux caused by incorrect default permissions in the Device Manager Server component, Hitachi Tuning Manager server, and related agents, enabling file manipulation. Affected versions: Hitachi Devic...

CVE-2020-36695 File and Directory Permission Vulnerability in Hitachi Command Suite

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

CVE-2020-36695 File and Directory Permission Vulnerability in Hitachi Command Suite

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

CVE-2023-3554

A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topicmessage/freename leads to cross site scripting. The attack may be...

Cross site scripting

A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sortby/propertyid leads to cross site scripting. It is possible to initiate the attack...

CVE-2023-3566 wallabag Profile Config config allocation of resources

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed ...

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

WordPress plugin Jetpack 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error vulnerabilit...

PT-2023-22496 · WordPress · Jetpack

Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 12.1.1 Description: The issue allows users with author roles or above to manipulate existing files on the site, including deleting arbitrary files. In rare cases, it can also lead to Remote Code...

Vulnerabilities fixed in Fortinet FortiNAC

Fortinet has fixed vulnerabilities in FortiNAC. A unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic must be sent to TCP port 1050 or 5555. Fortinet has released updates t...

CVE-2023-34865

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...