1464 matches found
CVE-2023-3607 kodbox WebConsole Plug-In webconsole.php.txt Execute os command injection
A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be...
CVE-2023-3607
CVE-2023-3607 affects kodbox 1.26, specifically the Execute function in the WebConsole Plug-In (webconsole.php.txt), enabling os command injection. Exploit disclosed publicly; vendor response unavailable. The issue is described consistently across sources, with a high severity in CVSS terms. Prac...
[SECURITY] Fedora 37 Update: bind-dyndb-ldap-11.10-15.fc37
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2023 - Includes Oracle April 2023 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
The vulnerability of the Plug-in Manager service for Trend Micro’s anti-virus software programs, Apex One and Apex One as a Service, allows a malicious actor to execute arbitrary code and gain elevated privileges.
The vulnerability of the Plug-in Manager component in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to the lack of proper blocking mechanisms when performing file operations. Exploiting this vulnerability can allow an attacker to execute arbitrary code a...
The vulnerability of the Plug-in Manager service for Trend Micro’s anti-virus software programs, Apex One and Apex One as a Service, allows attackers to execute arbitrary code and gain increased privileges.
The vulnerability of the Plug-in Manager component in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to the lack of proper blocking mechanisms when performing file operations. Exploiting this vulnerability can allow an attacker to execute arbitrary code a...
Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2023-22711 WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions...
How to Collect Logs for Veeam Plug-in for Microsoft SQL Server
Purpose This article explains how to collect the logs required for a support case involving Veeam Plug-in for Microsoft SQL Server. Solution Quick Start Automated Veeam Plug-in for Microsoft SQL Server Log Collection If the Windows machines where Veeam Plug-in for Microsoft SQL Server is installe...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from not properly performing authorization...
Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using mod_proxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID: CVE-2023-25690 DESCRIPTION...
VulnCheck KEV: CVE-2023-27637
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...
UBUNTU-CVE-2021-36713
Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function fnCreateCookie. NOTE: 1.9.2 is a version from 2012...
CVE-2021-36713
Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function fnCreateCookie. NOTE: 1.9.2 is a version from 2012...
K7521: Stack-based buffer overflow vulnerability in web browser plug-in
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
SUSE CVE-2005-0373
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code...
SUSE CVE-2005-2470
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors...
SUSE CVE-2008-1192
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
SUSE CVE-2008-5340
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...