625 matches found
Hardcoded credentials
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...
CVE-2023-45281
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...
CVE-2023-45281
CVE-2023-45281 affects Yamcs 5.8.6. An attacker can obtain the session cookie by uploading a crafted HTML file, exposing confidentiality (session data) with no availability impact. CVSS 3.1 base score 6.1 (Network, Low attack complexity, No privileges required, User interaction required, Confiden...
CVE-2023-39612
A cross-site scripting XSS vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...
CVE-2023-41637
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...
Privilege escalation
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...
PT-2023-28016 · Grupposcai · Realgimm
Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: The issue allows attackers to execute arbitrary code via uploading a crafted HTML file, exploiting an arbitrary file upload vulnerability in the Carica immagine function. Recommendations: For...
UBUNTU-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...
GHSA-JP5R-4X9Q-4VCF xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
CVE-2020-24922
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...
GHSA-W3QM-93VF-5HRW Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. For any role that has permission to execute the function assets, an attacker can upload an HTML file, which leads to XSS...
PT-2023-4279 · Cockpit Hq · Cockpit
Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.6.3 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the cockpit-hq/cockpit GitHub repository. This vulnerability exists due to inadequate protection of the web...