CVE-2023-24471

CVE-2023-24471 is a vulnerability in Nozomi Networks Guardian/CMC prior to version 22.6.2 where access-control restrictions on actual assertions are not enforced in the debug functionality. An authenticated user with reduced visibility can access data normally restricted in the Query and Assertio...

ScienceLogic SL1 SQL注入漏洞

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

Microsoft Windows Windows Smart Card Resource Management Server Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Smart Card Resource Management Server. An attacker could exploit this vulnerability to bypass certain functionality. The following...

CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTARULECHAINID. This flaw allows a local user to crash or escalate their privileges on the system...

CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTARULECHAINID. This flaw allows a local user to crash or escalate their privileges on the system...

Design/Logic Flaw

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...

isDeprecated CAN ONLY BE MADE TO true AND CAN NOT BE CHANGED TO false IN THE FUTURE IF THE NEED ARISES

Lines of code Vulnerability details Impact The RoeRouter.deprecatePool function is used to Deprecate a pool. It is a onlyOwner modifier controlled function. A pool can be deprecated via the deprecatePool function as shown below: function deprecatePooluint poolId public onlyOwner...

Incorrect Import Path Directories

Lines of code Vulnerability details Impact Wrong Import Path Directories of LiquidationPair.sol contract would affect the functionality of the contract as this contract relies of the implementation of this imports Proof of Concept 4. import ILiquidationSource from...

CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTARULECHAINID. This flaw allows a local user to crash or escalate their privileges on the system...

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

Moxa AWK-3131A HTTP GET Denial of Service (CVE-2016-8723)

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

Moxa AWK-3121 Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2018-10703)

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter iwserverip is susceptible to...

Moxa AWK-3131A Series Industrial AP/Bridge/Client Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-5140)

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attack...

Moxa NPort W2x50A Authenticated OS Command Injection in Web Server Ping Functionality (CVE-2018-19659)

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/netWebPingGetValue can result in running OS commands as the root user. This is...

Cross site scripting

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

CVE-2023-38305

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...

CVE-2023-38305

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...