PT-2023-32000 · Unknown · Sourcecodester Engineers Online Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file my classmates.php. The manipulation of the teacher class student id argument leads...

PT-2023-31991 · Sourcecodester · Sourcecodester Best Courier Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Courier Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file view parcel.php. The manipulation of the id argument leads to sql injection...

CVE-2023-43663 Improper Privilege Management in Prestashop

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit ce1f6708 addresses this issue and is included i...

CVE-2023-38871

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVE-2023-32541

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...

Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value

Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...

PT-2023-26652 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 April 2023 Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...

CVE-2023-32541

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...

PT-2023-23864 · Hancom · Hancom Office 2020 Hword

Name of the Vulnerable Software and Affected Versions: Hancom Office 2020 HWord version 11.0.0.7520 Description: A use-after-free issue exists in the footerr functionality. This can be triggered by a specially crafted .doc file, potentially allowing an attacker to exploit the vulnerability by...

CVE-2023-35002

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3600-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-2 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3599-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3599-2 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

How to change the DNS for a Citrix Hypervisor

Change the DNS for Citrix Hypervisor...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3684-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3684-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3683-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3683-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

CVE-2023-32649

A Denial of Service Dos vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...

CVE-2023-29245

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...

Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0

Summary A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Impact Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application...

Mars: RXSS on ████ via q parameter

A reflected Cross-Site Scripting XSS vulnerability was identified on the ████████ website at the search endpoint. The vulnerability was present in the 'q' parameter of the search functionality, where user-supplied input was reflected back to the page without proper sanitization or encoding...

AlmaLinux 9 : kernel-rt (ALSA-2023:5091)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5091 advisory. - A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options...