SUSE CVE-2017-7760

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the...

SUSE CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

Command injection

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed ...

Command injection

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-0648 dst-admin masterConsole command injection

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-0611 TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The...

CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php...

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practicepdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...

UBUNTU-CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

CVE-2023-0284

CVE-2023-0284 affects Checkmk with improper input validation of LDAP user IDs. Affected: Checkmk <= 2.1.0p19, Checkmk

Design/Logic Flaw

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitati...

Path traversal

An unauthorized user could alter or write files with full control over the path and content of the file...

Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

Design/Logic Flaw

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

GE Digital Proficy Historian

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Digital Equipment: Proficy Historian Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Weak Encoding...

CVE-2015-10043

A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The...

CVE-2022-4616

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...

Command injection

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2023:0072-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0072-1 advisory. - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string bsc1206958. Tenable has extracted the preceding...

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...