OSV · added 2023/08/25 10:15 p.m.

CVE-2023-4543

A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and...

CVSS 9.8 · AI score 5.6 · Exploits 0 · References 3
OSV · added 2023/08/25 10:15 p.m.

CVE-2023-4542

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to OS command injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 · AI score 5.5 · Exploits 0 · References 3
Positive Technologies · added 2023/08/25 12:00 a.m.

PT-2023-29550 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical vulnerability was found in IBOS OA, affecting unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 6.9 · EPSS 0.00127 · Exploits 1 · References 8
Positive Technologies · added 2023/08/21 12:00 a.m.

PT-2023-29244 · Openrapid · Openrapid Rapidcms

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1 Description: A critical issue was found in OpenRapid RapidCMS, affecting the file template/default/category.php. The manipulation of the id argument leads to SQL injection. Recommendations: For OpenRapid...

CVSS 9.8 · AI score 6.3 · EPSS 0.00164 · Exploits 1 · References 7
CNNVD · added 2023/08/20 12:00 a.m.

Hospital Management System SQL Injection Vulnerability

The Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. An SQL injection vulnerability exists in Free Hospital Management System for Small Practices version 1.0, which stems from the...

CVSS 9.8 · AI score 7 · EPSS 0.00056 · Exploits 0 · References 4
CNVD · added 2023/08/17 12:00 a.m.

Ghost Arbitrary File Read Vulnerability

Ghost is an open source content management system. Ghost suffers from an arbitrary file read vulnerability that stems from the program failing to properly filter special elements in a resource or file path. An attacker can exploit this vulnerability to read arbitrary files...

CVSS 6.5 · AI score 6.8 · EPSS 0.77606 · Exploits 12 · References 1
CNNVD · added 2023/08/16 12:00 a.m.

Jenkins Plugin Folders Log Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00139 · Exploits 0 · References 5
CNNVD · added 2023/08/14 12:00 a.m.

MariaDB Security Vulnerabilities

MariaDB is a free and open source database management system from the MariaDB Foundation and a fork of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB MaxScale versions prior to 23.02.3, which stems from the fact that passwords are stored in plaintext in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00117 · Exploits 0 · References 2
OSV · added 2023/08/09 2:35 p.m.

GHSA-M9R4-3FG7-PQM2 PrestaShop path traversal

Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using a traversal path. Patches: 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds: none. References: none...

CVSS 6.5 · AI score 7.7 · EPSS 0.01304 · Exploits 0 · References 4
Positive Technologies · added 2023/08/05 12:00 a.m.

PT-2023-26700 · Unknown · Shuize 0X727

Name of the Vulnerable Software and Affected Versions: ShuiZe 0x727 version 1.0 Description: A remote command execution issue was found in the component /iniFile/config.ini, allowing for potential exploitation. Recommendations: For ShuiZe 0x727 version 1.0, consider restricting access to the...

CVSS 8.8 · AI score 8.7 · EPSS 0.04387 · Exploits 1 · References 4
NVD · added 2023/08/04 6:15 p.m.

CVE-2023-38695

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00415 · Exploits 1 · References 4
Prion · added 2023/08/04 6:15 p.m.

Design/Logic Flaw

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 4 · AI score 6.4 · EPSS 0.00415 · Exploits 1 · References 4 · Affected Software 1
OSV · added 2023/08/04 5:25 p.m.

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.3 · EPSS 0.00415 · Exploits 1 · References 6
Vulnrichment · added 2023/08/04 5:25 p.m.

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.7 · EPSS 0.00415 · Exploits 1 · References 4
OSV · added 2023/08/01 4:59 p.m.

GHSA-VXJG-HCHX-CC4G @simonsmith/cypress-image-snapshot has fix for insecure snapshot file names

Impact: It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example (js): cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs'). The above will create an ignore-relative-dirs.png three levels ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00415 · Exploits 1 · References 6
CNNVD · added 2023/07/31 12:00 a.m.

Desdev DedeCMS Code Injection Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system provides content publishing, content management, content editing and content retrieval functions. A security vulnerability exists...

CVSS 9.8 · AI score 8.7 · EPSS 0.02857 · Exploits 0 · References 3
CNNVD · added 2023/07/31 12:00 a.m.

Art Gallery Management System SQL Injection Vulnerability

Art Gallery Management System is an art gallery management system. An SQL injection vulnerability exists in Art Gallery Management System v1.0, which originates from the lack of validation of the parameter cid in /agms/product.php against external SQL input. An attacker can exploit this...

CVSS 9.8 · AI score 8.2 · EPSS 0.05451 · Exploits 1 · References 2
Debian · added 2023/07/26 7:36 p.m.

[SECURITY] [DSA 5460-1] curl security update

Debian Security Advisory DSA-5460-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · July 26, 2023 · https://www.debian.org/security/faq ...

AI score 6.7 · Exploits 0
Positive Technologies · added 2023/07/25 12:00 a.m.

PT-2023-4394 · Mariadb · Mariadb Maxscale

Name of the Vulnerable Software and Affected Versions: MariaDB MaxScale versions prior to 2.5.28; MariaDB MaxScale versions prior to 6.4.9; MariaDB MaxScale versions prior to 22.08.8; MariaDB MaxScale versions prior to 23.02.3. Description: An issue was discovered in MariaDB MaxScale where a user...

CVSS 6.5 · AI score 6.7 · EPSS 0.00117 · Exploits 0 · References 7
CVE · added 2023/07/23 3:31 a.m.

CVE-2023-3842

CVE-2023-3842 affects Pointware EasyInventory 1.0.12.0. The vulnerability stems from an unquoted search path in the vulnerable binary Easy2W.exe located under C:\Program Files (x86)\EasyInventory. This enables a local attacker to exploit the issue, with the impact described as high confidentialit...

CVSS 7.8 · AI score 7.6 · EPSS 0.00037 · Exploits 0 · References 2 · Affected Software 1