319 matches found
CVE-2023-7305
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...
CVE-2023-7305
CVE-2023-7305 affects SmartBI V8, V9 and V10. The vulnerability is an unrestricted file upload via the RMIServlet request handling logic, enabling attackers to trigger sensitive operations or arbitrary code execution on the host under certain configurations. The vendor released a fix in July 2023...
CVE-2023-7305 SmartBI RMIServlet Unrestricted File Upload RCE
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...
VulnCheck KEV: CVE-2023-7305
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...
EUVD-2023-35012
Malicious code in bioql PyPI...
EUVD-2023-35033
Malicious code in bioql PyPI...
EUVD-2023-35013
Malicious code in bioql PyPI...
CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update...
CVE-2023-41107
TEF portal 2023-07-17 is vulnerable to a persistent cross-site scripting (XSS) attack...
CVE-2023-30665
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read...
CVE-2023-30668
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-30649
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code...
CVE-2023-30647
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code...
CVE-2023-30656
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities...
CVE-2023-30670
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code...
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU). CVE-2023-22041: Base Score: 5.1 MEDIUM, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. CVE-2023-25193: Base Score: 7.5 HIGH, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. CVE-2023-22045: Base Score: 3.7 LOW, Vector:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Oracle July 2023 CPU (CVE-2023-22045, CVE-2023-22049)
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2023. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fix...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle July 2023 CPU (CVE-2023-22045, CVE-2023-22049)
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.1 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in July 2023. Vulnerability Details: Refer to the security bulletins listed...
JVN#67215338: FusionPBX vulnerable to cross-site scripting
FusionPBX contains a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution: Update the software. Update the software to the latest version according to the information provided by the...