A vulnerability in the XWiki Platform, a platform for creating collaborative web applications. It arises from the platform's failure to neutralize special elements in input, allowing attackers to inject arbitrary code.
The vulnerability of the XWiki platform lies in its lack of measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...
CVE-2024-22936
CVE-2024-22936 affects Genesis AIMS Student Information Systems (Genesis SIS) v.3053, specifically the Parents & Student Portal where the message parameter is vulnerable to cross-site scripting (XSS). The underlying issue is improper handling of the message input, allowing remote attackers to inj...
Code injection
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...
USN-6592-1 libssh vulnerabilities
It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the login page PHP code of Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part...
Attacks, Vulnerabilities and Actors 1 January to 7 January 2024
For a detailed threat digest, download the PDF file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited...
Ivanti Addresses Critical Vulnerability in Endpoint Manager
Summary: Ivanti addressed a critical vulnerability, CVE-2023-39336, in its Endpoint Management software, ensuring secure usage for its 40,000 worldwide customers. The flaw, resolved in version 2022 Service Update 5, posed a risk of pre-authenticated SQL injection and possibly remote code injection ...
QNAP Systems QuMagie Cross-Site Scripting Vulnerability
QNAP Systems QuMagie is a QTS photo management application from QNAP Systems. A cross-site scripting (XSS) vulnerability exists in QNAP Systems QuMagie prior to version 2.2.1, which could allow an authenticated user to inject...
CVE-2024-0196
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2024-0196
CVE-2024-0196 (Magic-Api) affects Magic-Api versions up to 2.0.1. The vulnerability is a code injection in an unknown functionality exposed via the HTTP endpoint /resource/file/api/save?auto=1, which can be exploited remotely. Multiple connected sources confirm code execution risk and public disc...
PT-2024-15379 · Ai Magic · Ai Magic
Name of the Vulnerable Software and Affected Versions: Magic-Api versions up to 2.0.1 Description: A critical vulnerability has been found in Magic-Api, affecting an unknown functionality of the file "/resource/file/api/save?auto=1". The manipulation leads to code injection, and the attack can be...
libssh Security Vulnerabilities
libssh is a C development library from the libssh organization for accessing SSH services; it can execute remote commands and transfer files, and provides a secure transport channel for remote programs. A security vulnerability exists in libssh version 0.10.x, version 0.9.x, a...
CVE-2023-6851
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The...
QNAP Systems QTS and QuTS hero Cross-Site Scripting Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc. QNAP Systems QTS is an operating system for use with entry- to mid-level QNAP NAS. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS and QuTS...
CVE-2023-6188
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
Advisory ROSA-SA-2023-2280
Software: cockpit 264.2. OS: ROSA Virtualization 2.1. Package EVR string: cockpit-264.2-1.0.1.rv3c.src.rpm. CVE-ID: CVE-2021-3660. BDU-ID: 2021-04029. CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Cockpit server manager is related to errors in the display of the user interface or frames. Exploitation...
PT-2023-32021 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111. Description: A critical vulnerability was found in DedeCMS, affecting the AddMyAddon function of the album add.php file. The manipulation of the albumUploadFiles argument leads to OS command injection. The attack can b...
PT-2023-31939 · Foru Cms · Foru Cms
Name of the Vulnerable Software and Affected Versions: ForU CMS, affected versions not specified. Description: A critical vulnerability has been found in ForU CMS, affecting an unknown part of the file /install/index.php. The manipulation of the db name argument leads to code injection. It is...
CVE-2023-43614
CVE-2023-43614 affects the Welcart e-Commerce plugin for WordPress, versions 2.7–2.8.21. The issue is a cross-site scripting vulnerability on the Order Data Edit page, enabling a remote unauthenticated attacker to inject arbitrary script. Red Hat and other sources corroborate the same description acr...