PT-2023-28800 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: The issue allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. This enables the attacker to...

CVE-2023-43340

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

CVE-2023-43359

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component...

CVE-2023-43342

Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component...

CVE-2023-43342

Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component...

Vulnerability fixed in Dell Openmanage

A vulnerability has been fixed in Dell OpenManage Server Administrator, version 11.0.0.0 and earlier. A local malicious user could exploit this security vulnerability to execute arbitrary execute code and obtain elevated user privileges. Dell has released updates to fix the vulnerability in OMSA...

PT-2023-29304 · Unknown · Expense Management System

Name of the Vulnerable Software and Affected Versions: Expense Management System version 1.0 Description: An issue in the Expense Management System allows a local attacker to execute arbitrary code via a crafted file uploaded to the "sign-up.php" component. Recommendations: For Expense Management...

VulnCheck KEV: CVE-2022-23748

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

PT-2023-6260 · Siemens · Simatic Cp 1623 +4

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1604 All versions SIMATIC CP 1616 All versions SIMATIC CP 1623 All versions SIMATIC CP 1626 All versions SIMATIC CP 1628 All versions Description: A vulnerability has been identified that exposes kernel memory of affected devices t...

CVE-2023-36123

Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information...

CVE-2023-35897

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...

CVE-2023-44771

A Cross-Site Scripting XSS vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...

CVE-2023-35897

IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware/Hyper-V) versions 8.1.0.0–8.1.19.0 are affected by a DLL hijacking flaw that could allow a local user to execute arbitrary code via a specially crafted file. The issue impacts Wi...

CVE-2023-43343

Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component...

CVE-2023-30733

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution...

AZL-34733 CVE-2023-4911 affecting package glibc for versions less than 2.38-6

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

DEBIAN-CVE-2023-43361

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files...

CVE-2023-43874

Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...

CVE-2023-43873

A Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu...

CVE-2023-41444

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun1400084d0 function in IREC.sys driver...