333 matches found
PT-2024-19168 · Osc +2 · Osc +2
Name of the Vulnerable Software and Affected Versions: osc affected versions not specified Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...
XML External Entity (XXE) Processing in TYPO3 Core
All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external file content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see...
CVE-2024-35432
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting XSS via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting...
RoamWiFi R10 安全漏洞
RoamWiFi R10 is a portable Internet wireless router from RoamWiFi. A security vulnerability exists in RoamWiFi R10 versions prior to 4.8.45, which stems from a vulnerability that allows an attacker to insert sensitive information into log files...
CVE-2024-22450
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise...
PT-2024-2775 · Dell · Dell Alienware Command Center
Name of the Vulnerable Software and Affected Versions: Dell Alienware Command Center versions prior to 6.2.7.0 Description: The issue is related to an uncontrolled search path element, which could allow a local malicious user to inject malicious files into the file search path. This could lead to...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-3398)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
Authentication flaw
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
PT-2023-6318
Name of the Vulnerable Software and Affected Versions VMware Aria Operations for Logs affected versions not specified Description The issue is related to an authentication bypass vulnerability in VMware Aria Operations for Logs. This vulnerability can be exploited by an unauthenticated, malicious...
Exploit for NULL Pointer Dereference in Gpac
CVE-2023-4683-Test This repo holds an easy to use POC for CVE...
PT-2023-5230 · Ge · Ge Cimpicity
Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...
Desktop APP RCE via saveDraft IPC
🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 commit 5383c20e947fd772668316e407edc5d5db4850db, the shell=true option is added to a spawn execution. This is really dangerous has it allows a malicious user to execute commands even from attributes. Example: j...
PT-2023-7355 · Splunk · Universal Forwarder +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...
Personal Weather Station Dashboard 信任管理问题漏洞
Personal Weather Station Dashboard PWSDashboard is a data-rich weather dashboard from PWSDashboard open source. A security vulnerability exists in Personal Weather Station Dashboard. An attacker can exploit this vulnerability to execute remote code by injecting PHP code into settings.php...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-2093
A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...