23 matches found
EUVD-2023-42760
Malicious code in bioql PyPI...
EUVD-2023-42761
Malicious code in bioql PyPI...
EUVD-2023-42763
Malicious code in bioql PyPI...
EUVD-2023-42756
Malicious code in bioql PyPI...
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive...
CVE-2023-39003
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp...
CVE-2023-38999
A Cross-Site Request Forgery CSRF in the System Halt API /system/halt of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service DoS via a crafted GET request...
CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands...
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2...
CVE-2023-39004
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
CVE-2023-39003
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp...
CVE-2023-39002
A cross-site scripting XSS vulnerability in the act parameter of systemcertmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-39003
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp...
CVE-2023-39004
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
PT-2023-26723 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is an open redirect in the Login page of OPNsense, allowing attackers to redirect a victim user to an arbitrary web si...
PT-2023-26728 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A cross-site scripting XSS issue exists in the act parameter of system certmanager.php, allowing attackers to execute arbitrary...
PT-2023-26733 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue allows for XSS via the openAction in the app/controllers/OPNsense/Cron/ItemController.php file, specifically in the...
CVE-2023-39002
A cross-site scripting XSS vulnerability in the act parameter of systemcertmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-38999
A Cross-Site Request Forgery CSRF in the System Halt API /system/halt of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service DoS via a crafted GET request...
CVE-2023-39001
A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...