11 matches found
PT-2025-2933 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo (MMR) versions prior to 1.3.8. Description: Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This issue allows MMR to serve...
PT-2024-16163 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A problematic issue was found in ZZCMS, affecting an unknown part of the file 3/qq-connect2.0/API/com/inc.php, leading to information disclosure. The attack can be initiated remotely. Recommendations: For ZZCMS...
PT-2024-27700 · Xiongmai · Xiongmai Ahb7004T-Gs-V3 +6
Name of the Vulnerable Software and Affected Versions: Xiongmai AHB7804R-MH-V2, Xiongmai AHB8004T-GL, Xiongmai AHB8008T-GL, Xiongmai AHB7004T-GS-V3, Xiongmai AHB7004T-MHV2, Xiongmai AHB8032F-LME, Xiongmai XM530 R80X30-PQ 8M. Description: A critical vulnerability was found in the Sofia Service component ...
PT-2023-32775 · Allegro Ai · Allegroai/Clearml-Server
Name of the Vulnerable Software and Affected Versions: allegroai/clearml-server versions prior to 1.13.0. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which affects the ClearML Open Source Server. This server is not designed for public use and should be placed behind a...
PT-2022-26110
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.19; Parse Server versions prior to 5.3.2. Description: The issue allows keywords specified in the requestKeywordDenylist option to be injected via Cloud Code Webhooks or Triggers, resulting in the keyword being...
CVE-2022-24847 Improper Input Validation in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
NetApp Clustered Data ONTAP Vulnerabilities - Lenovo Support US
No description provided...
OS Command Injection in Security Analytics
Summary: The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products: The following...
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-4408 and CVE-2012-6105)
Summary: An attacker could gain privileged access to IBM Storwize V7000 Unified system by exploiting a vulnerability in Samba. Vulnerability Details: CVE ID: CVE-2013-4408 and CVE-2012-6105. DESCRIPTION: This issue affects only those IBM Storwize V7000 Unified systems that use Active Directory serve...
Remote Registry Inaccessible to 2003 Server
Challenge: VSS fails with the following error: Starting guest agent Cannot initialize information about the guest's system. Target host: xxx.xx.xxx.x. Cannot collect metrics about the guest's operation system. Cannot open sessions manager's registry key. Win32 error:Access is denied. Cause: Typical...
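Sun SunView rpc.selection_svc Remote File Disclosure Vulnerability
selectionsvc is an RPC service on SunOS systems. The selectionsvc RPC service implementation on early SunOS systems contains a vulnerability that allows an attacker to remotely read arbitrary files on the target system. On Sun3 and Sun4 systems, a remote user can read any file readable by the user running SunView. On the i386 platform, a remote user can read any file on the workstation running SunView. Note that if root is running SunView, all files may be accessible to remote systems...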