PYSEC-2024-248
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
DEBIAN-CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
The vulnerability of the Gogs self-managed Git repository creation software lies in its use of files and directories accessible from external parties, allowing a malicious actor to delete or modify any files they wish.
The vulnerability of the Gogs self-managed Git repository creation software relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor to delete or modify any files at will...
CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution
Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...
CVE-2024-39916
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the...
CVE-2024-39546
A Missing Authorization vulnerability in the Socket Intercept SI command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privile...
CVE-2024-23194
Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...
Gallagher Command Centre security breach
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre vEL9.10.1268 MR1 prior to v9.10, which stems from improperly neutralized log output and may give an attacker limited...
Juniper Networks Junos OS Evolved Security Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. A security vulnerability exists in Juniper Networks Junos OS Evolved that stems from a missing authorization check and could allow an authenticated, low-privileged local attacker to modify certain...
The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer allows a perpetrator to gain access to modify arbitrary files.
The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer is related to the use of dangerous HTTP methods. Exploiting this vulnerability can allow a malicious actor to remotely access and modify arbitrary files...
CVE-2023-42503
A flaw was found in Apache Commons Compress, where it would permit the creation of a malformed TAR file by manipulating file modification time headers. This issue can lead to excessive CPU consumption and a denial of service, affecting the availability...
CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
Multiple vulnerabilities in Ricoh Streamline NX PC Client
Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...
Hazardous Method or Function Vulnerability Exposed by Siemens SINEC Traffic Analyzer
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...
CVE-2024-35209
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server allows HTTP methods like PUT and DELETE. This could allow an attacker to modify unauthorized files...
Siemens SINEC Traffic Analyzer Security Vulnerability
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...
CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
PT-2024-31920
Name of the Vulnerable Software and Affected Versions ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...