203 matches found
EUVD-2023-44665
Malicious code in bioql PyPI...
EUVD-2023-58085
Malicious code in bioql PyPI...
CVE-2023-5802
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions...
CVE-2020-14012
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...
CVE-2013-7289
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) email, or (4) username parameter...
CVE-2011-1555
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information...
WordPress KB Support plugin <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability
Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin KB Support versions <= 1.6.6...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
Ivanti Connect Secure and Policy Secure authentication bypass and command injection
Added: 01/18/2024. Background: Ivanti Connect Secure is a web-based remote access VPN. Problem: An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. Resolution: Apply the...
CVE-2023-40058
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment...
Code injection
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment...
CVE-2023-40058
CVE-2023-40058 relates to SolarWinds Access Rights Manager (ARM). The connected ZDI advisory documents a vulnerability in ARM that enables remote attackers to bypass authentication through misconfigurations in a RabbitMQ instance, specifically due to hard-coded credentials. This flaw allows unaut...
CVE-2023-40058 Sensitive Information Disclosure Vulnerability
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment...
PT-2023-27242 · Solarwinds · Solarwinds Access Rights Manager
Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager (affected versions not specified). Description: Sensitive data was added to a public-facing knowledgebase, which could be exploited to access components of Access Rights Manager (ARM) if the threat actor is in the...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions...