
1007 matches found

Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-27048 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: Theme Volty CMS Payment Icon module for PrestaShop versions up to 4.0.1 Description: The issue is related to improper neutralization of SQL parameters in the Theme Volty CMS Payment Icon module for PrestaShop, allowing a guest to perform SQL...

9.8 CVSS · 9.5 AI score · 0.00066 EPSS
Exploits: 0 · References: 4

BDU FSTEC
added 2023/09/29 12:0 a.m. · 1 view

Vulnerability of the net/netfilter/ipset/ip_set_hash_netportnet.c module in Linux kernel: This vulnerability allows attackers to compromise the confidentiality, integrity, and availability of protected information, or to escalate their privileges.

The vulnerability in the net/netfilter/ipset/ip_set_hash_netportnet.c module of the Linux operating system is related to the incorrect definition of CIDR_POS used in the functions mtype_add_cidr and mtype_del_cidr. Exploiting this vulnerability can allow an attacker to compromise the confidentiality,...

7.8 CVSS · 6.4 AI score · 0.00014 EPSS
Exploits: 1 · References: 22 · Affected Software: 6

Prion
added 2023/09/21 10:15 p.m. · 15 views

Authentication flaw

DISPUTED Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for...

5 CVSS · 7.7 AI score · 0.0016 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/09/09 12:15 p.m. · 1 view

CVE-2023-4850

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

9.8 CVSS · 5.6 AI score · 0.00066 EPSS
Exploits: 1 · References: 3

CNNVD
added 2023/09/09 12:0 a.m. · 2 views

IBOS SQL Injection Vulnerability

IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from an SQL injection attack that can be performed via the ?r=dashboard/position/edit&op=member position...

9.8 CVSS · 8 AI score · 0.00055 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/09/09 12:0 a.m. · 2 views

PT-2023-30859 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in IBOS OA, affecting an unknown part of the file ?r=dashboard/position/del. This issue leads to sql injection and can be initiated remotely. The exploit has been disclosed to the...

9.8 CVSS · 6.7 AI score · 0.00066 EPSS
Exploits: 1 · References: 9

Positive Technologies
added 2023/09/09 12:0 a.m. · 2 views

PT-2023-30860 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical vulnerability has been found in IBOS OA, affecting unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely...

9.8 CVSS · 7 AI score · 0.00055 EPSS
Exploits: 1 · References: 9

CNNVD
added 2023/09/01 12:0 a.m. · 4 views

RELIC Input Validation Error Vulnerability

RELIC is a modern research cryptography meta-toolkit open-sourced by relic-toolkit that emphasizes efficiency and flexibility. A security vulnerability exists in previous versions of RELIC 421f2e91cf2ba42473d4d54daf24e295679e290e that originated from a vulnerability that allows an attacker to...

9.8 CVSS · 7.6 AI score · 0.00119 EPSS
Exploits: 0 · References: 3

Huntr
added 2023/08/25 5:0 p.m. · 29 views

Store XSS in Widgets and pages

Description: I noticed that you filtered the comment very carefully. But there are still some parts you missed. Proof of Concept: 1. Login with admin 2. Go to "https://demo.instantcms.io/admin/widgets" 3. Insert payload in Position name and Title test" onmouseover = "alertdocument.cookie 4. Click...

4.3 CVSS · 6.8 AI score · 0.00056 EPSS
Exploits: 1

Code423n4
added 2023/08/07 12:0 a.m. · 13 views

Assets from the old step are not properly transferred to a new TR position

Lines of code Vulnerability details Impact The transferAssetsIntoStep function's intent is to serve two purposes: transferring aAssets to a target TR position and moving assets from an old step to a target TR position. However, in practice, assets removed from the old step are not integrated into...

6.8 AI score
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m. · 5 views

exitPosition in TapiocaOptionBroker may incorrectly inflate position weights

Lines of code Vulnerability details Impact Users who participate and place stakes with large magnitudes may have their weight removed prematurely from pool.cumulative, hence causing the weight logic of participation to be wrong. pool.cumulative will have an incomplete image of the actual pool hen...

6.6 AI score
Exploits: 0

UbuntuCve
added 2023/07/29 12:15 a.m. · 28 views

CVE-2022-4923

Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. Chromium security severity: Low...

3.1 CVSS · 5.8 AI score · 0.00075 EPSS
Exploits: 1 · References: 3

Prion
added 2023/07/28 5:15 a.m. · 13 views

Information disclosure

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

2.6 CVSS · 4.8 AI score · 0.00144 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/07/28 4:30 a.m. · 15 views

CVE-2023-32427

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

6 AI score · 0.00144 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/07/11 9:7 a.m. · 15 views

CVE-2023-36748

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

5.9 CVSS · 6.4 AI score · 0.00065 EPSS
Exploits: 0 · References: 1

OSV
added 2023/06/22 8:0 p.m. · 0 views

GHSA-WHJ9-M24X-QHHP FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption

Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published Impacted version range Before 2.6.3 Details Proof of Concept As a user, do the following: 1. Select...

6.2 CVSS · 6.1 AI score · 0.00287 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2023/06/14 12:0 a.m. · 2 views

PT-2023-35871 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter.insertComments function. It involves the java.base/java.util.Objects.equals and com.github.javaparser.Position.equals...

6.9 AI score
Exploits: 0 · References: 2

BDU FSTEC
added 2023/05/17 12:0 a.m. · 1 view

The vulnerability of the Linux operating system's IPv6 RPL kernel implementation allows an attacker to cause a service failure.

The vulnerability of the IPv6 RPL implementation in Linux operating systems is related to incorrect calculation of the packet header size in the function ipv6_rpl_segdata_pos in the net/ipv6/rpl.c module. Exploiting this vulnerability could allow a remote attacker to cause service failures...

7.8 CVSS · 6.6 AI score · 0.02125 EPSS
Exploits: 0 · References: 17 · Affected Software: 7

NVD
added 2023/05/16 7:15 p.m. · 14 views

CVE-2023-30510

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possib...

4.3 CVSS · 4.4 AI score · 0.00127 EPSS
Exploits: 0 · References: 1

Prion
added 2023/05/16 7:15 p.m. · 11 views

Authentication flaw

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possib...

4 CVSS · 4.6 AI score · 0.00127 EPSS
Exploits: 0 · References: 1 · Affected Software: 1