7271 matches found

Prion
added 2023/11/14 6:15 a.m. · 18 views

Design/Logic Flaw

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

7.5 CVSS · 7.8 AI score · 0.63113 EPSS
Exploits 8 · References 1 · Affected Software 1
Cvelist
added 2023/11/14 12:0 a.m. · 28 views

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

10 AI score · 0.63113 EPSS
Exploits 8 · References 1
AlmaLinux
added 2023/11/14 12:0 a.m. · 44 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8 CVSS · 7 AI score · 0.65692 EPSS
Exploits 2 · References 10
CVE
added 2023/11/14 12:0 a.m. · 124 views

CVE-2023-45878

Gibbon LMS

9.8 CVSS · 9.7 AI score · 0.63113 EPSS
In wild · Exploits 8 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/14 12:0 a.m. · 9 views

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

9.8 AI score · 0.63113 EPSS
Exploits 8 · References 1
Positive Technologies
added 2023/11/13 12:0 a.m. · 3 views

PT-2023-29739 · Gibbon · Gibbon

Name of the Vulnerable Software and Affected Versions: GibbonEdu Gibbon versions 25.0.1 and before Description: The issue allows for Arbitrary File Write due to the lack of authentication in the rubrics visualise saveAjax.php file. This file accepts parameters such as img, path, and gibbonPersonI...

9.8 CVSS · 9.5 AI score · 0.63113 EPSS
Exploits 8 · References 9
NVD
added 2023/11/07 7:15 p.m. · 23 views

CVE-2023-46253

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

9.1 CVSS · 0.01538 EPSS
Exploits 1 · References 1
Prion
added 2023/11/07 7:15 p.m. · 20 views

Design/Logic Flaw

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

5.8 CVSS · 8.1 AI score · 0.01538 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/07 6:56 p.m. · 15 views

CVE-2023-46253 Remote code execution in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

9.1 CVSS · 8.1 AI score · 0.01538 EPSS
Exploits 1 · References 1
OSV
added 2023/11/07 6:56 p.m. · 30 views

CVE-2023-46253 Remote code execution in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

9.1 CVSS · 7.7 AI score · 0.01538 EPSS
Exploits 1 · References 3
Cvelist
added 2023/11/07 6:56 p.m. · 25 views

CVE-2023-46253 Remote code execution in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

9.1 CVSS · 9.8 AI score · 0.01538 EPSS
Exploits 1 · References 1
CVE
added 2023/11/07 6:56 p.m. · 37 views

CVE-2023-46253

Squidex vulnerability CVE-2023-46253 affects the open source headless CMS Squidex, where the backup restore feature can be abused by an authenticated user with squidex.admin.restore permission to write files and cause remote code execution (RCE). The root cause is that during asset restoration, t...

9.1 CVSS · 8.7 AI score · 0.01538 EPSS
Exploits 1 · References 1 · Affected Software 1
RedHat Linux
added 2023/11/07 8:29 a.m. · 43 views

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.8 CVSS · 6.7 AI score · 0.65692 EPSS
Exploits 2 · References 6
RedHat Linux
added 2023/11/07 8:29 a.m. · 6 views

libreoffice: Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

5.5 CVSS · 5.7 AI score · 0.65692 EPSS
Exploits 0 · References 5
Prion
added 2023/11/07 8:15 a.m. · 16 views

Code injection

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...

4.3 CVSS · 7.5 AI score · 0.0023 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/11/07 12:0 a.m. · 2 views

squidex path traversal vulnerability

squidex is a Headless CMS and Content Management Center. A path traversal vulnerability exists in squidex version 7.8.2, which stems from an arbitrary file write vulnerability in the backup restore feature...

9.1 CVSS · 7 AI score · 0.01538 EPSS
Exploits 1 · References 2
AlmaLinux
added 2023/11/07 12:0 a.m. · 36 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8 CVSS · 7.2 AI score · 0.65692 EPSS
Exploits 2 · References 10
Tenable Nessus
added 2023/11/07 12:0 a.m. · 21 views

RHEL 9 : libreoffice (RHSA-2023:6508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

7.8 CVSS · 6.8 AI score · 0.65692 EPSS
Exploits 2 · References 12
Tenable Nessus
added 2023/11/07 12:0 a.m. · 28 views

Rocky Linux 9 : gzip (RLSA-2022:4582)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4582 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

8.8 CVSS · 7 AI score · 0.04062 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/11/07 12:0 a.m. · 26 views

Rocky Linux 8 : xz (RLSA-2022:4991)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4991 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

8.8 CVSS · 7 AI score · 0.04062 EPSS
Exploits 0 · References 3