CVE-2023-39526 PrestaShopSQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVE-2023-39526

PrestaShop has a CVE-2023-39526 vulnerability: remote code execution via SQL injection and arbitrary file write in the back office. Affected versions are before 1.7.8.10, 8.0.5, and 8.1.1; these versions contain patches. The advisory references indicate a fix in those versions, with no publicly d...

CVE-2023-39526 PrestaShopSQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

PT-2023-26997 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.8.10 PrestaShop versions prior to 8.0.5 PrestaShop versions prior to 8.1.1 Description: PrestaShop is an open source e-commerce web application. The issue concerns remote code execution through SQL injection a...

CVE-2023-33367

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...

PT-2023-4359 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency CISA has added the new...

Ivanti Endpoint Manager Mobile < 11.8.1.2 / 11.9.x < 11.9.1.2 / 11.10.x < 11.10.0.3 Arbitrary File Write (CVE-2023-35081)

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is 11.8.1.2, 11.9.x 11.9.1.2, or 11.10.x 11.10.0.3. It is, therefore, affected by an authenticated arbitrary file write vulnerability. Note that Nessus has not tested for these issues but has inste...

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile EPMM, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 CVSS score: 7.8, impacts support...

CVE-2023-35081 - Remote Arbitrary File Write

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron Core. This vulnerability impacts all supported versions –releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability is different from CVE-2023-35078, released ...

CVE-2023-38745

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

CVE-2023-35936

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

Arbitrary File Write

pandoc is vulnerable to Arbitrary File Write. By providing a constructed picture element as input while creating files with the --extract-media option or outputting to PDF format, an arbitrary file write vulnerability may be exploited. This vulnerability affects systems that enable pandoc to outp...

SUSE CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

Curl Arbitrary File Write 7.x >= 7.84.0 / 8.x <= 8.1.2 (CVE-2023-32001)

The version of Curl installed on the remote host is between 7.84.0 and 8.1.2. It is therefore affected by an arbitrary file write vulnerability. Curl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat followed by fopen in a way that made it vulnerable t...

Debian: Security Advisory (DLA-3507-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...